“Banking” on Cybersecurity

Banking on Cybersecurity in Financial Institutions

When you “bank” on a financial institution securing your money, you’re counting on that money to be safe, but you’re not the only one. The banks themselves are also relying on their ability to keep your account secure. If they don’t, the negative consequences they face are enormous. For instance, in the case of a fraudulent debit card transaction, unless you’re proven to have been careless — by giving an unauthorized user your PIN, let’s say — the bank is required by law to reimburse you.

Now, suppose that half a million accounts are drained due to a cybersecurity lapse on the bank’s part. In addition to having to make up the lost funds, the financial institution could see a mass exodus of concerned customers.

Nevertheless, a recent study by a major consulting firm indicated that 78 percent of banks’ senior security officers reported they were “comfortable” with the banks’ cybersecurity strategy, despite the statistics telling a different story.

Last year, there were 85 serious cyber-breach attempts reported by financial institutions in the United States. Of these, approximately 36 percent were successful. And, most ominously, of that 36 percent, well over half (59 percent) went undetected for several months. And these stats do not include the thousands of attempted phishing attacks, malware invasions and random breach attempts by solo hackers.

Clearly, financial institutions are under increasing pressure from cyber miscreants who are getting more organized, more sophisticated and more difficult to catch than ever before.

It’s often said that an ounce of prevention is worth a pound of cure. Simply put, if you don’t allow hackers to penetrate your systems, you won’t have to worry. But this is easier said than done. The number and variety of targeted entry points for expert hackers have greatly expanded in recent years. Some banks, for example, are deploying security cameras and monitoring systems that are internet-enabled. This saves money and operational complications, for sure, but it also makes these devices potential gateways for intruders. In fact, even something as simple as a smart HVAC system can pose a threat, and with the ever-expanding Internet of Things, the number of connections that hackers can potentially penetrate continues to increase.

Another hacker-preferred target is mobile devices, both internal and external. Their security standards are generally less rigorous, and cracking their codes can enable access to customers’ private information. Additionally, financial institutions may employ a bring-your-own-device policy for their employees, making each individually connected device a potential security gap.

The Solution

One of the most neglected solutions is user education. Financial institutions need to instill a culture of awareness among their employees and, to the extent possible, their customers. Many successful data breaches are the result of phishing emails, “watering hole” attacks, where users are enticed to download free software from a linked website — software that appeals to the user’s business needs, but is virus-infected, and poor password management. Aggressive and frequently updated training can all but eliminate these occurrences.

The other part of the equation is having the right security tool in place to protect users so when something goes wrong, which it inevitably will, you are still protected. Although there are a wide variety of security solutions out there that provide solid protection at the endpoint we have yet to see one as comprehensive as what we offer here at SentinelOne. With the SentinelOne platform you get an all in one EPP+EDR solution, which combines prevention, detection, and response in a single lightweight and easy to use agent. In addition, in the unlikely event ransomware makes it past SentinelOne’s multi-layered protection then customers will still be covered by the $1 Million Cyber Warranty in order to mitigate your financial risk.

The fact is, financial institutions will always be attacked, and some attacks will be successful. However, with a focus on security and the right tools organizations can minimize their risk and stop serious damage before it occurs. Bank on SentinelOne to provide that solution.