Things have changed a lot since the days of bank robberies by the likes of Bonnie and Clyde. In today’s digital world bank robbers are often anonymous faces behind a computer screen, and a traditional vault won’t keep your digital valuables safe anymore. Criminals no longer need to physically break into the bank; they can hack its systems in safety from thousands of miles away and make off with billions without breaking a sweat. It’s not just theft that’s a problem either; cyber-criminals have also developed ways to disrupt services to prevent financial firms from trading, inflicting a catastrophic loss of short-term revenues and long-term reputational damage.
The Verizon 2015 Data Breach Investigations Report found that two-thirds of all cyber-attacks against the finance industry over the last year followed just three basic patterns, giving some vital clues as to what to watch for and how to guard against them.
Attack #1 — Denial of Service (DoS)
DoS attacks accounted for over a third (32 percent) of incidents in the finance industry and are continuing to grow in size and frequency. Unlike other attack types, which expose sensitive data like payment card details, intellectual property or health records, DoS attacks are primarily about disruption. Essentially, these attacks flood online systems, such as internet banking sites or online trading platforms, with vast amounts of data in order to overload them and take services offline. DoS attacks can last several days, so it’s vital to have a plan in place to deal with such a threat.
Some basic tips for mitigating the risk of a DoS attack include:
- Be the man with the plan: Ensuring company policies include dealing with larger attacks and briefing key operations staff on the best course of action if an attack occurs is a vital first step in being ready to deal with a DoS attack. There should also be a solid strategy that details what should be done if the initial anti-DoS service fails.
- Put the plan through its paces: It’s best not to wait for an incident to occur to discover that there are gaps or failures in the response plan; it should be tested in advance to make sure it works. Tests should be undertaken regularly as infrastructure and processes change and as new DoS techniques emerge.
- Don’t put all your eggs in one basket: It’s best not to allow less important systems to act as a gateway to more important ones. Critical systems should be segregated onto different network circuits.
Attack #2 – Crimeware
Crimeware was present in 16 percent of all security incidents in the finance industry last year. In this form of attack, malware is used to compromise systems to gain access to confidential information or sensitive data. These incidents vary in intent and design, but are typically financially motivated, such as the use of keylogging software to capture bank account details entered on a user device. As is so often the case, people are the weak link in the chain; social engineering techniques like phishing are used to get crimeware onto user devices in 28 percent of incidents. Some basic measures for reducing the risk of falling victim to these attacks include:
- Expect the expected: Chances are that malware will get onto any system at some point, so it’s best to be prepared by monitoring any new programs or executable files that have been introduced and using anti-virus systems to deal with those identified as malicious.
- Monitor traffic: It’s possible to identify command-and-control traffic from malware to known malware servers by using network monitoring.
- Don’t rely on passwords: User credentials account for 30 percent of stolen data. However, implementing two-factor authentication can prevent this information from being used to cause damage.
- Educate staff: Simple procedures and best practices can be implemented, including training staff not to click on links or open attachments in emails from unknown senders, or enter their credentials on untrusted websites.
Attack #3 — Web app attacks
More than 14 percent of incidents in the finance industry fall into the web app attacks pattern. This is when attackers use stolen credentials or exploit vulnerabilities in web apps — such as content management systems (CMS) or e-commerce platforms. Nearly all the web app attacks in 2014 were opportunistic and aimed at easy marks. Most attacks made use of stolen credentials, usually harvested from customers’ devices. Some basic tips for reducing the risks of being hit by a web app attack include:
- Implement quality assurance: Tighten controls around posting documents to websites and regularly scan public-facing sites for sensitive data.
- Consider Data Loss Prevention (DLP): DLP products can catch broken internal processes, and detect or block sensitive information from being sent via email.
- Train your staff: Training staff on how to dispose of sensitive data and assets can have a real impact on reducing security incidents. Documents and computers can’t just be thrown away.
Sometimes it can feel like you’re fighting a losing battle when it comes to defending against malicious attacks – especially given the high-value target that the finance industry presents. However, it’s important to remember that there are many simple and often overlooked steps that can help to even the odds and give defenders a fighting chance. Following the steps above is a good starting point, but ensuring that threats are recognised as soon as possible is key to minimising the damage they cause. With 38 percent of breaches remaining undiscovered for months or longer, financial organisations must put in place processes to monitor IT systems so they become aware of a threat as early as possible, or all their efforts will be in vain.