Cybercrime is a ticking time bomb for your FI if you don't prepare accordingly.

How Vulnerable Are Banks to Cybercrime?

Posted on

From new computer virus threats to massive breaches at big name companies, cybercrime seems to find its way into the headlines one way or another. But if you've noticed that these events are getting even more attention than normal as of late, it isn't your imagination.

Whether it's ransomware affecting a major Southeastern fuel supplier or the unrelated Memorial Day ransomware breach that led to supply chain disruptions for a well-known meat processor, numerous industries have become examples of digital vulnerability. This is largely attributable to the degree that businesses rely on the internet for day-to-day business decisions, transactions and operational processes.

As such, banks and credit unions have invested heavily to shore up their cybersecurity infrastructure. But if you think that FIs are subsequently immune from hacking hazards, think again. And it isn't just money that the perpetrators of these hostile acts are after. They're also seeking to get their hands on customer and institutional information. A few weeks ago, a New Jersey-based bank learned this the hard way.

What happened?
Based in Wayne, New Jersey, Valley National Bank was struck with a ransomware attack in June, American Banker reported. Ransomware is a form of malicious software that hackers install onto computers to prevent users from accessing certain files or saved data. The attackers threaten to leave the software in place — or expose the seized data to the public — unless or until a particular sum of money is paid. This threat typically appears on-screen.

"Your network has been compromised," the Valley National attackers wrote, according to American Banker. "We exfiltrated sensitive and confidential documents. If you do not contact us before timer expiration [sic], all data will be leaked."

Shortly after the ransomware attack came to light, a spokesperson at Valley National released a statement informing account holders of the incident and letting them know that everything was under control.

"This legacy network is isolated from the Valley network and is not critical to our operations," the press release said. "We have been and remain operational."

"Over a quarter of all malware-related hacks affect the financial services sector."

Thankfully, the division of Valley National Bankcorp emerged from the cyberattack largely unscathed, however the same cannot be said for many other financial institutions around the country, given the frequency of these events. According to a 2019 study conducted by intelligence research firm Intsights and reported by Forbes, over a quarter of all malware-related hacks affect the financial services sector, which includes banks. That's more than any other industry. Additionally, certain types of attacks have skyrocketed. For example, leaked credentials rose 129% and compromised credit cards jumped 212% versus the prior year. 

Hadar Rosenberg, who led and wrote the Intsights report, told Forbes that bad actors play the odds. In other words, the more account numbers they can obtain, the more likely they'll be able to make unauthorized charges. And it's not just banks in the U.S. that are in attackers' crosshairs.

"Around the globe, banks are seeing more frequent and more aggressive cyberattacks," Rosenberg said. "[T]he severity and sophistication of these attacks are increasing all the time."

Bad actors often hack passwords, compromise usernames
Cybersecurity incidents are an ongoing game of cat and mouse. As FIs optimize their security strategies to improve resilience, perpetrators adjust theirs to get around what solutions banks have devised. But frequently, ransomware facilitators don't have to go to the grandest of lengths to find their way through. According to the organization Group-IB, more than 50% of ransomware attackers gain access by cracking passwords or by undermining usernames, American Banker reported. Phishing, meanwhile, accounts for close to 30% of ransomware incidents, the analysis further revealed.

"The rate at which ATM network attacks occur is expected to increase."

Even ATM networks are in danger. The Intsights report noted a number of organized cybercrime rings operating around the world that make payment card skimmers and then install them onto terminals to make it look like they're a part of the machine itself. And according to Rosenberg, the rate at which these specific incidents occur is expected to increase.  

Here's the bottom line: You may think you have an effective cybersecurity system in place, but virtually all of the FIs impacted by cybercrime felt the same way before they were hit. Every IP address, laptop, camera hookup and alarm system can be exploited if you're not careful. You can't afford to let your guard down with these breaches on the rise. BranchServ Convergint specializes in the technology and processes that deliver results. From password and patch management services to managed detection and response, our solutions help to mitigate the cyber risks associated with physical security systems infrastructure. Our capabilities are method agnostic. Be it ransomware, malware, phishing or denial of service attacks, BranchServ Convergint can help your institution.

To learn more about our customized solutions, please contact us today.