FINAL WORD
EMERGING RISKS: SOCIAL ENGINEERING ATTACKS
ON BANKING ACCOUNTS
E
merging risks related to mobile
banking are highlighted in
the report as a trend that can
expose banks to new cyberthreats.
42% of banks predict that an
overwhelming majority of their
customers will use mobile banking
within three years, but admit that
users are too careless in their online
behavior. Most the banks surveyed
admitted (46%) that their customers
are frequently under attack from
phishing attempts, with 70% of banks
also reporting financial fraud incidents
as a result, leading to monetary loss. one of their main security priorities,
closely followed by the implementation
of more complex authentication and
verification of log-in details (a key
priority for 52%).
Although they are vulnerable to the
phishing tricks and tools that target
their customers, banks are still more
concerned about another ‘old enemy’,
targeted attacks. And they’ve got
good reasons to be worried, targeted
attack methods are becoming more
common-place, with malware-as-a-
service platforms even being used to
harm financial organizations.
Rising phishing and social engineering
attacks on customers have seen
banks reassess their security efforts
in this area. 61% of respondents see
improving the security of apps and
websites that their customers use as Experience of real incidents shows us
that investments into security in the
financial industry are well worth it in
most cases, financial institutions report
significantly fewer security events than
companies of the same size in other
industries, with the only exception of
targeted attacks and malware. The
detection of abnormal, potentially
malicious activity, combining
legitimate tools with file less malware,
requires a combination of advanced
anti-targeted solutions and extended
security intelligence.
Still, 59% of financial firms are
yet to embrace third-party threat
intelligence.
Sharing threat intelligence would help
banks to identify new and emerging
threats quickly, an important point
for them to note, considering the low
levels of concern banks have about
some of their most vulnerable devices,
such as ATMs. Sharing more third party
intelligence, in this respect, could help
banks prepare for threats that they
may not otherwise expect.
ATM PROTECTION: LOW
LEVEL OF CONCERN, HIGH
VULNERABILITY
B
anks show comparatively
low levels of concern about
the threat of financial loss
due to attacks on ATMs, despite
being highly vulnerable to attacks of
this nature. Only 19% of banks are
concerned with attacks on ATM and
cash withdrawal machines, despite the
growing rate of malware targeting this
part of a banks’ infrastructure (in the
2016 threats review we’ve reported
a 20% growth in ATM malware
compared to 2015).
Veniamin Levtsov, Vice President,
Enterprise Business at Kaspersky
Lab, comments: “Combatting the
constantly changing threats targeting
their own IT infrastructure and
customer accounts is an everyday
challenge for financial institutions. To
put an effective response in place -
that protects all points of vulnerability
- requires the financial services industry
to have several key components: build
a highly integrated anti-targeted
attacks protection, embrace multi-
channel anti-fraud security and get
actionable intelligence on evolving
threats.”
Financial Institutions (n-841)
Viruses & malw
Inappropriate IT resource use
employees
Physical loss of mobile devic
exposing the organisation to
Physical loss of devices
media containing dat
28% for
banks
Targeted atta
Inappropriate sharing of data
mobile devices
Types of general security event
peers in other industries.
86
INTELLIGENTCIO
86 INTELLIGENTCIO
www.intelligentcio.com
www.intelligentcio.com