Banks being hit by wider network of cyber attacks

Financial institutions are now being hit by a wider range of cyber criminals with banks in particular being considered vulnerable targets, according to a cyber security analyst.

“This year has been very good for cyber criminals. We’re seeing threats coming from nation-sponsored groups, private groups, from individuals, and it’s growing. These guys are getting more and more sophisticated at what they do,” says Victor Acin, at security firm Blueliv.

“Banks are trying really hard to protect themselves and their clients and they can try to receive as much cyber intelligence as they can, but there’s a lot of components to keep secure in the organisation. For starters banks generally have the oldest infrastructure around. That’s probably being abused by cyber criminals.”

According to an Accenture report published earlier this year, banks, capital markets firms and insurers spend on average $18.5m annually to deter cyber criminals, $5m more than other industries.

For Acin, banks are more vulnerable because of the variety of attacks, as well as the number of potential weak points across their supply chains.

“One very important aspect of each bank’s ecosystem is the user itself,” he says. “The bank can implement as many security measures as it can, from multiple providers, but the bank users have to be educated, the bank tellers have to be educated, and they have to be on the lookout for very different types of threats.”

“A regular financial institution such as an insurance company might have to be aware of a targeted threat specifically tailored to insurance – for example credential threats. But for a bank the attacks can be far more varied – credit card cloning, point of sale infections where honest retailers are being infected by malware and there are many more.”

Regulators across the globe are attempting to put rules in place to thwart the rise of cyber crime, with 72 percent of countries initiating legislation to combat criminals, according to the United Nations Conference on Trade and Development (Unctad). For Acin, however, regimes such as Europe’s second payments directive (PSD2) and the open banking initiatives are just as useful.

“Everyone involved should have an easier time of keeping up to date with potential threats, I think, because everyone is far more connected. There’s a far better reaction time as well when there’s a lot more collaboration. Even sharing between competitors with all the information and intelligence we have has got to bring more clarity to the market so we can actually fight the cyber criminals.”

Related reading