Whalebone blog

Cyber Attacks on Banks Are Rising: Overall Damage Can Reach Millions | Whalebone

Written by Whalebone | 10.3.2022 14:13:00
  • In the digital age, it goes without saying that cybersecurity is becoming increasingly more important to the banking industry. According to research made by an international analytics company GlobalData, the overall growth in demand for cybersecurity will lead global revenues from security in just the banking sector alone to increase from 7 billion euros in 2019 to 8,6 billion by the year 2024.

Not only are we talking about large sums of money that banks handle but also of the security of customers’ sensitive and exploitable data. The pandemic and the overall movement from real-life interactions to virtual ones led to a rise of 238% in cyberattacks on banks. And more than 27% of COVID-19 cyberattacks targeted specifically banks or healthcare organizations, making them one of the most targeted market segments.

Banks are also one of the most regulated businesses, even in terms of security. This means that they must properly secure their customers and demonstrate regularly to various institutions that they are doing so.

Human Error and Malware

Methods of social engineering are becoming increasingly sophisticated, and they now can deceive even IT professionals. The most common of these is phishing connected to ransomware. One of the recent studies led by F-Secure even found out that employees in IT-related fields are just as susceptible to phishing threats as the rest of the organization which means that phishing schemes are now as dangerous as ever.

Human error is hard to control or protect against except talking to employees and clients about the importance of staying vigilant. One of the factors in play here is the massive amount of end-users who use internet banking, which means that it is easier for attackers to find someone who will fall victim to their schemes. According to research, financial services have 352,771 exposed sensitive files on average compared to just 113,491 files on average in healthcare, pharma, and biotech. This makes the financial sector the market segment most in danger from cyber attacks.

Malware is also marked as one of the most common cyber dangers. Studies show that the highest number of malware was registered in 2017 when the Trojan virus Ramnit accounted for 53% of attacks on the financial sector.

 

Third-Party Services Not Secured

Most banks use some sort of third-party involvement in their technologies and operations in order to provide the best and the most user-friendly experience possible for their customers. This usually brings risk that particular service is possibly unsecured.

Their service might need an upgrade for overall function of e.g. internet banking but it might not always be the best for the security of the firm. In 2020, 86% of breaches were financially motivated and only 10% were motivated by espionage. These data show that banks have to be more vigilant than other sectors. Double-checking their third-party services might be one of the most important preconditions in order to stay safe.

 

Unencrypted Data

According to Enterslice, one of the leading legal technology companies worldwide, a surprisingly common threat to banks is actually encrypted data. It often ends up damaging the company because the attackers get inside the system through it. All important data in the banking industry and financial sectors is now stored in computers or online. If left unencrypted, it is more easily accessible to hackers all around the world who will not hesitate to misuse it for their own personal gain.

Also, research done by SecurityMetrics, a merchant data security company, has shown that 71% of merchants had unencrypted payment card data on their business network, adding up to over 315,000 payment cards being easily exposed to damage. All of the data should be fully encrypted to ensure that it’s safe and not traceable for criminals to use.

 

Gaps in Technology

Internet banking, various financial websites, and apps that can be used to access it are also becoming a problem in terms of security. There are many internet banking products but also a lot of hackers are able to find the weakest link to breach them. For example, a very recent study shows that 41% of customers in India blame their telecom or banking service provider for personal data breaches as awareness of technology gaps becomes more common.

Some studies even suggest that banking websites are the most vulnerable to hacking on the entire internet simply because of the instant promise of a financial reward.

 

Data Manipulation

According to Michael Rogers, director of the National Security Agency in the US, data manipulation is number two on his list of top three cyber security threats. The most dangerous aspect of data manipulation is that it is not easily detectable in the hands of the most professional hackers. They occasionally do not intend to steal data from the banking services right away but they just change it in order to inflict financial damages and get there more easily later and steal all the more. It also tops the lists of banking threats many sources worldwide put out as it’s getting more common.

 

What is Whalebone’s solution?

We offer banks Whalebone Immunity, our AI-based real-time threat intelligence trained on massive data from multinational telcos called. Immunity protects all the devices connected to the network no matter what OS they use. Over 200 companies chose Whalebone for their DNS security and over 150,000 domains are added to our AI-based threat intelligence daily.

For quite some time, we have been protecting for example Equa Bank, one of the largest financial institutions in the Czech Republic. They offer various services such as internet banking in current and savings accounts, multi-currency credit cards, mortgages, term deposits, consumer loans, insurance, and business loans. They were immediately satisfied with our service which has been deployed in a matter of hours, and has provided their IT team complete visibility over communication on devices and in their database at all times without interfering with end-user experience at all.

 

Fail-safe and catches all relevant threats

Immunity can cover the whole network within hours.

“We have not been in contact with technical support at all. We haven’t needed it. You just deploy the solution, and it works. It’s a fail-safe and catches all relevant threats,” said Mário Lipovský, the IT security architect of Equa Bank.