One day I logged into my bank account and found an extra deposit of $12,741.00. Immediately, I realized there was a mistake and I would have to contact my financial institution. This experience made me think of how one small human error could have a large impact. This includes other mishaps such as well-intentioned bank employees falling victim to phishing attacks or social engineering.
As expected, banks have very strict standards and regulations to follow, but studies have found that internal threats are still common. Ransomware is a top cause of loss. Vulnerabilities found included weak user passwords and failures during phishing tests, among other things. Multiple studies showed that most banking employees were unable to detect a phishing attack and about 25% clicked malicious email links. Some employees actually entered their security credentials into fake forms and others ran malicious files. It’s obvious that there needs to be an increase in end-user security awareness training for every employee.
Attacks are sophisticated. Criminals are now using much more advanced methods that go beyond the traditional physical bank robbery to gain access to funds. Virtually undetectable skimmers on ATMs, along with websites, emails, and various other online and in-person methods, are the new attack vectors.
Attacks on financial institutions have various impacts that go beyond immediate financial repercussions. Perhaps the most difficult loss to recover from after a data breach is the loss of customer trust and the good reputation you have spent years building. Now more than ever, customers are looking for financial institutions that have good cybersecurity hygiene. Learning about and eliminating internal cyber risks not only protects your customers but also sets you apart from the competition.