Cybersecurity in Banking: Costs, Threats, and Prevention (2023)
- Octav Fedor (Cybersecurity Editor)
- Last edit: May 25, 2023
Online banking is prevalent today, making cybersecurity essential. Today’s cyber threats range from phishing and malware to large-scale data breaches. All carry significant financial implications that continue to escalate. But how does this affect banks and their clients?
In this article, we will explore:
Key facts and figures related to cybersecurity in banking
The biggest financial data breaches to date
The prevalent cyber threats in the banking sector
Measures banks can take to bolster their cybersecurity
Ways for customers to safeguard their banking details
And much more
Understanding cybersecurity in banking is vital for our financial safety. Let’s start.
Statistics about cybersecurity in banking
Consider these statistics and trends that showcase the current cybersecurity status in the banking industry.
The finance sector is the second most targeted industry by cyber attacks, with 18.9% of all attempted attacks. [Statista]
Account takeover (ATO) attacks occur more often on financial websites, constituting 38% of such attacks. [Imperva]
Finance-related phishing websites, including those posing as bank payments, were the most significant category of phishing sites in Q2 2022, accounting for 32.7% of all cases. [ESET]
In 2021, banking-related malware accounted for 19% of all attacks on corporate networks globally. [CheckPoint]
In 2022, the most common malware family was a banking trojan — Emotet. This trojan started in 2014 as banking malware and spread via spam campaigns that seemed like financial transactions, causing about $2.5 billion in losses. [Statista]
The finance sector experiences one of the highest average costs of data breaches, at an average of $5.85 million. [Varonis]
Phishing websites related to banking are the most common types of phishing attacks.
Most notable data breaches in the global finance sector
From 2008 to 2022, several notable cybersecurity incidents have affected the global finance industry. These breaches have compromised millions of personal records and caused substantial financial losses, underscoring the need for robust cybersecurity measures to protect sensitive financial data.
First American Financial Corp, one of the largest U.S. real estate title insurance firms, unintentionally revealed data on 885 million mortgage deals in May 2019. The data was accessible on its website, requiring no authentication, due to a design flaw, not an external cyber attack.
Equifax, one of the largest credit bureaus in the U.S., suffered a data breach in 2017 that exposed personal details of 147 million people. This breach was caused by an unpatched vulnerability in a web application framework.
Heartland Payment Systems, one of the biggest global payment processing firms, experienced a breach in 2008. Attackers installed spyware on the company’s network and stole card data during processing. The company estimated that up to 130 million records might have been compromised.
Capital One Financial Corporation, a major credit card issuer in the U.S., reported a data breach in July 2019 affecting about 100 million people in the U.S. and 6 million in Canada. Exposed data included credit scores, credit limits, balances, payment histories, and contact information.
In 2014, JPMorgan Chase, one of the largest U.S. banks, had a data breach affecting 76 million households and 7 million small businesses. Attackers gained access to customers’ contact information, but the bank reported no evidence of compromised private customer information.
In 2017, an Equifax data leak compromised sensitive information of 147 million people.
Top online banking cyber threats
Banks hold large amounts of sensitive data and financial assets, making cybersecurity in banking crucial. Here are some of the primary threats the banking sector faces and measures to mitigate them.
Remote work
The COVID-19 pandemic caused a significant shift towards remote work in many sectors, including finance. Although this change was initially a necessity, it has been maintained because many employees prefer it. However, remote work in the banking sector requires strong cybersecurity measures. Here are some ways that remote employees can ensure data protection and security:
Secure Home Network — Encrypt your home Wi-Fi network with WPA2 or WPA3 and use a strong, unique password.
Virtual Private Network (VPN) — By encrypting all data flow, a VPN ensures a secure connection to the internet. This is particularly important when accessing confidential company information.
Secure Video Conferencing — Use secure, company-approved platforms for video conferences. Do not share sensitive information during video calls unless necessary and store recordings of meetings securely.
Follow Company Policies — Comply with your company’s remote work and cybersecurity policies.
Regular Backups — Regularly back up your work, including documents, data, and settings. Make sure your backups are encrypted and stored securely.
Security Awareness Training — Take part in any security awareness training offered by your company.
Insider threats
Insider threats occur when individuals within a company pose a security risk. These individuals may be employees, former employees, contractors, or business associates with access to sensitive information. Here are some of the potential threats:
Data Theft — Individuals inside the organization might abuse their access rights to steal critical data, including customer financial details, proprietary algorithms, or strategic plans. They may do this for personal benefit or to sell the information to competitors or criminals.
Fraud — Employees could misuse their roles to carry out fraudulent activities, like unauthorized transfers, alterations to loan terms, or manipulation of customer data.
Sabotage — Discontented employees might intentionally harm systems, erase crucial data, or hinder operations, leading to significant financial and reputational consequences.
Account Takeover — Insiders can use their access rights to hijack customer accounts. This may result in unauthorized transactions and possible financial losses for customers and the bank.
Phishing or Social Engineering — Insiders may unintentionally provide attackers with access to internal systems and sensitive data after falling victim to phishing or social engineering attacks.
Negligence — In some cases, threats originate from well-intentioned employees who inadvertently expose sensitive data or breach security protocols. This can happen through using weak passwords, misplacing devices, or sending information to the incorrect recipient.
Here are some strategies banks can use to prevent insider threats:
User Access Control — Implement strict access controls based on the concept of least privilege, which says that users should only have access to the information they need to do their jobs.
Regular Audits and Monitoring — Conduct regular audits of system access and monitor user activity. Unusual activity, such as accessing data at odd hours or downloading large amounts of data, can indicate an insider threat.
Implement a Strict Offboarding Process — When employees leave the company, immediately revoke their access to all systems and data.
Background Checks — Do thorough background checks on all employees, especially those who have access to sensitive financial data or systems.
Encourage Anonymous Reporting — Create a system that allows employees to report suspicious activities anonymously. This can help to uncover potential insider threats that might otherwise go unnoticed.
Insider threats are hazardous for banks and financial firms with large amounts of sensitive data.
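The monitoring strategy above names two signals: access at odd hours and unusually large downloads. The following is an added example, not part of the original article, that checks both over a constructed audit log. The log format, user names, business hours and the 10x volume threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed audit-log lines: ISO timestamp, user, action, bytes transferred.
SAMPLE_LOG = """\
2023-05-15T09:12:00 alice read 120000
2023-05-15T14:40:00 bob read 90000
2023-05-16T10:05:00 alice read 150000
2023-05-16T11:30:00 bob read 110000
2023-05-17T09:50:00 alice read 130000
2023-05-17T02:17:00 bob read 95000
2023-05-18T10:20:00 alice export 48000000
2023-05-18T15:00:00 bob read 100000
"""

WORK_START, WORK_END = 7, 19   # assumed business hours (local time)
VOLUME_FACTOR = 10             # assumed: alert at 10x the user's median day

def parse(log_text):
    """Turn log lines into (timestamp, user, action, size) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, size = line.split()
        events.append((datetime.fromisoformat(ts), user, action, int(size)))
    return sorted(events)

def find_anomalies(log_text):
    """Return sorted (date, user, reason) tuples for off-hours access and for
    a daily volume far above the same user's earlier days."""
    alerts = set()
    daily = defaultdict(lambda: defaultdict(int))   # user -> date -> bytes
    for ts, user, _action, size in parse(log_text):
        if not WORK_START <= ts.hour < WORK_END:
            alerts.add((ts.date().isoformat(), user, "off-hours access"))
        daily[user][ts.date()] += size
    for user, days in daily.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            # Compare each day only with that user's own earlier days.
            history = [days[d] for d in ordered[:i]]
            if len(history) >= 2 and days[day] > VOLUME_FACTOR * median(history):
                alerts.add((day.isoformat(), user, "unusual download volume"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(*alert)
```

Comparing each user against their own history, rather than one global limit, keeps a role that routinely moves large files from drowning out a genuine change in behavior.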
Phishing attacks
Phishing attacks are a serious threat to the banking sector. Cybercriminals use disguised emails or websites to trick individuals into downloading malware or revealing personal information. Both employees and customers in the banking industry can fall victim to phishing. Here are some strategies to prevent phishing:
Customer Education — Banks should inform their customers about phishing threats and how to identify them. Instructions should cover suspicious emails, texts, or websites that could aim to steal their personal and financial details.
Anti-Phishing Policies — Financial institutions can establish comprehensive anti-phishing policies and procedures. These policies should be conveyed to customers, so they know what type of communication to anticipate from the bank and what would be considered a phishing attempt.
Website Security Certificates — By utilizing secure websites (HTTPS) and security certificates, banks can reassure customers that their online banking site is authentic and secure.
Phishing Attempt Reporting — Banks can encourage customers to report any suspected phishing attempts. This can aid banks in identifying and addressing security vulnerabilities and tracking down the culprits.
Employ AI and Machine Learning — These technologies can assist in detecting and thwarting phishing attacks by identifying patterns and irregularities that could signify a threat.
Spoofing
Spoofing is like phishing but is often more sophisticated. Various types of spoofing attacks exist, all employing some form of impersonation. Domain spoofing involves creating a deceptive version of a genuine domain designed to trick users into surrendering login credentials and personal details. This method relies on the probability that individuals won’t scrutinize closely if a website appears authentic.
Spoofing is also carried out by calling or texting customers from a phone number falsified to look like a financial company’s. The bank’s correct caller ID appears on the customer’s phone, making it challenging for customers to discern whether the message is legitimate.
Here are ways financial institutions can counteract spoofing:
Authentication Protocols — Use email authentication methods like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). These let a receiving mail server check a message against what the sending domain publishes in DNS, for example whether the sender’s IP address corresponds with the IPs stored in the DNS record, which helps prevent email spoofing.
Secure Email Gateways — Utilizing secure email gateways equipped with anti-spoofing measures can filter out emails from spoofed domains.
Network Configuration — Set network devices to reject packets from outside the local network claiming to be from within.
Monitoring and Anomaly Detection – Continually observing network traffic and usage patterns can help you detect unusual activity that may signal a spoofing attack.
Malware and ransomware
Malware and ransomware attacks have emerged as some of the most formidable threats over recent years. The danger isn’t confined to financial services; almost all sectors are susceptible to these attacks. These harmful malware attacks are becoming increasingly prevalent and sophisticated.
In response, organizations are adopting cybersecurity strategies to combat these sophisticated threats. Machine learning, AI, and behavioral analysis methods are becoming commonplace in cybersecurity.
Here are some malware prevention tips for financial institutions:
Employ Advanced Threat Protection Solutions — These solutions can identify and halt advanced malware attacks before they can infiltrate your systems.
Adopt Network Segmentation — By partitioning your network into separate segments, you can hinder malware from spreading throughout the entire system.
Regular Backups — Ensure regular data and system backups. In case of a malware attack, this can assist you in restoring your systems to their pre-attack state.
Limit User Privileges — Restrict user privileges to those necessary for each employee’s tasks. This strategy can help thwart malware from accessing sensitive areas of your system.
Employ a Robust Firewall — A correctly configured firewall can help shield your network from external attacks.
Frequent Security Audits — Regularly scrutinize and audit your security measures to identify potential vulnerabilities and areas requiring enhancement.
Behavioral analysis and AI/machine learning are becoming mainstream malware-fighting technologies.
Data breaches
Data breaches refer to incidents where unauthorized parties gain access to confidential data. For financial institutions, a data breach could expose sensitive information, such as customer personal details, financial records, and transaction data. These breaches can have many consequences, including monetary losses, reputational harm, and legal repercussions.
To avert and mitigate data breaches, financial institutions can adhere to the following guidelines.
Frequent Audits — Conduct security audits on a regular basis to find and fix any potential vulnerabilities.
Encrypt Sensitive Information — Encryption renders data unreadable to those without the decryption key, safeguarding it even if it ends up in the wrong hands.
Establish Robust Access Controls — Only those with permission should have access to sensitive information. Multi-factor authentication can give an additional degree of protection.
Use Advanced Threat Detection Technologies — AI and machine learning can assist in identifying unusual activity or patterns that may signal a data breach.
DDoS attacks
In a Distributed Denial of Service (DDoS) attack, the attacker overwhelms a server, network, or service with excessive traffic, making it inaccessible to legitimate users. DDoS attacks can severely disrupt operations and sometimes serve as cover for other malicious activities. Here are some methods to prevent and mitigate DDoS attacks:
Enhance Bandwidth — Extra bandwidth can assist in handling unexpected traffic surges. However, this isn’t an infallible solution, as attackers can generate additional traffic.
Utilize Anti-DDoS Solutions — These solutions can detect and filter DDoS traffic before it hits the institution’s network. This could encompass on-site hardware, cloud-based services, or a hybrid of both.
Introduce Redundancy — By distributing network resources and data across various locations, institutions can ensure that if one server or data center is targeted, others can maintain service provision.
Collaborate with ISPs and Hosting Providers — These partners can offer additional support in mitigating DDoS attacks, such as by redirecting malicious traffic or blocking it upstream.
DDoS attacks might mask other malicious activity.
Supply chain attacks
Cybercriminals leverage supply chain attacks to gain system access via an external partner or service provider. For financial institutions, this can include any third-party supplier, such as software vendors or hardware manufacturers, with access to the institution’s network or data.
Financial institutions can adopt these strategies to prevent and mitigate supply chain attacks:
Risk Assessment of Vendors — Carry out comprehensive security evaluations of all third-party vendors before signing contracts, and continue these assessments periodically throughout the relationship.
Restrict Access — Provide third-party vendors with only the minimum level of access required for their tasks. Regularly review and revise these access levels as needed.
Monitor Vendor Actions — Monitor and audit vendor activities to identify any unusual or potentially suspicious behavior.
Enforce Robust Authentication Measures — Mandate the use of strong, unique passwords and multi-factor authentication for all third-party access to your systems and data.
Establish Cybersecurity Standards for Vendors — Set cybersecurity standards for vendors, which include stipulations for security practices, incident response capabilities, and regular security audits.
ATM fraud
ATM fraud poses a significant threat to banks as it can result in substantial financial losses and harm to the bank’s reputation. There are several forms of ATM fraud. Here are some strategies banks should employ to prevent ATM fraud:
Routine Checks — Carry out regular ATM examinations for any tampering indications, such as skimming devices, hidden cameras, or unauthorized equipment.
Software Maintenance — Regularly update ATM software and hardware, including security patches and updates, to guard against known threats.
Implementing Access Controls — Establish robust access controls to limit physical access to the ATM and access to the ATM’s network and software systems.
Data Encryption — Utilize encryption to safeguard data transmitted from the ATM to the bank’s network.
Anti-Skimming and Anti-Shimming Measures — Install devices or software capable of detecting the presence of skimming or shimming devices.
Physical Security Protocols — Install security cameras, tamper alarms, and other physical security measures to dissuade criminals.
Promote Cardless Transactions — Encourage cardless ATM transactions, like those using mobile wallets or biometric authentication, which can help reduce the risk of skimming or card trapping.
Top cybersecurity frameworks for financial institutions
Cybersecurity frameworks provide structured guidance and best practices, helping organizations effectively manage and mitigate cybersecurity risks. Several highly regarded frameworks can assist financial institutions in enhancing their cybersecurity posture. The following are the top cybersecurity frameworks for these institutions:
NIST Cybersecurity Framework (CSF) — The National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework (CSF). It’s a comprehensive, risk-based framework assisting companies in managing and reducing cybersecurity risks. It focuses on five main tasks: identify, protect, detect, respond, and recover.
ISO/IEC 27001 — This standard was established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It’s used worldwide to set up an Information Security Management System (ISMS). The system employs risk management processes, policies, and controls to ensure that information is protected and always accessible.
CIS Critical Security Controls (CSC) — The Center for Internet Security (CIS) developed the CIS Critical Security Controls. The CSC consists of 20 steps to improve cybersecurity, ranked by importance. These controls emphasize precise, actionable measures organizations can undertake to protect against prevalent cyber threats.
FFIEC Cybersecurity Assessment Tool (CAT) – The CAT was created by the Federal Financial Institutions Examination Council (FFIEC) to help financial institutions with cybersecurity. The tool provides a repeatable and measurable way to determine an institution’s cybersecurity maturity in different areas.
Factor Analysis of Information Risk (FAIR) — FAIR is a risk management framework that quantifies information risk in financial terms. By assigning monetary values to risk factors, FAIR allows organizations to make more informed decisions about their cybersecurity investments and risk mitigation strategies.
Payment Card Industry Data Security Standard (PCI DSS) — PCI DSS is a set of security rules ensuring that all businesses that process, store, or transmit credit card information do so safely. Although it targets the payment card industry specifically, many of its principles and controls can be broadly applied to enhance the security of financial institutions.
SWIFT Customer Security Programme (CSP) — The Society for Worldwide Interbank Financial Telecommunication (SWIFT) created the CSP to support its customers, primarily banks and financial institutions, in protecting their SWIFT-related infrastructure from cyber threats. The program outlines a set of mandatory and advisory security controls for participants to implement and self-certify their compliance.
There are several effective frameworks that can enhance a bank’s cybersecurity.