Cybersecurity In Banking

Banks face millions of small attacks on their and their client’s safety every single day. Even more, millions are spent trying to prevent this from happening, and to prevent them from being successful. Gone, for the most part, are the stripe-clad robbers and guns and ‘swag’ sacks: it is on the internet that banks face the biggest threats to their security. From tackling data breaches due to phishing scams to stopping cross-site scripting (in which cybercriminals run malicious code through websites or apps, and learn users’ cookies and potentially sensitive information), banks have to be incredibly careful when it comes to their cybersecurity. With this in mind, we have put together a list of some of the biggest threats in cybersecurity that the banking and finance sector faces, and ways in which they might be reduced.

Risks posed by inadequately secure third party clients

While internal internet security at most national and global banks is generally very good, the companies who provide tech services to them may have much lower standards of safety, as well as lower conceptions of risk. Hackers frequently target these third-party companies because of this: they are much more likely to get their hands on the sensitive data they are after. A common area for such data breaches is cloud service providers, which banks now more frequently use to stores their customers’ data. To combat this, banks must stringently vet any businesses they use, both in terms of their own cybersecurity and the safety of transference of sensitive data. Implementing MFA (multi-factor identification) between suppliers can improve safety, as can the segmentation of data through the use of jump hosts at network and software levels.

Lack of consistently encrypted data

A rather basic point, but one that third parties, as well as banks themselves, need to be wary of: unencrypted data (that is, data that hasn’t been scrambled so that only authorized persons can read it) poses a massive security risk. Even if data is stolen (despite all best efforts, hopefully) it will not be immediately useable, meaning that there is a small window for possible changes and reconfiguration of data and security before the leaked information becomes functional for cybercriminals.

Problems due to insider vulnerability

A surprisingly frequent form of poor cybersecurity is phishing attacks: the targeting of work emails with the intention of defrauding staff into releasing sensitive information. Another cause of insider vulnerability is poor configuration and maintenance of server systems. This can be remedied through better training and awareness-raising with staff, potentially with rewards for attendance if uptake is low. Anti-phishing web-browsing technology can also be installed, too, and IT departments should identify any repeat offenders and install filters against these email addresses.

Insecure software and websites

Finance and banking websites have been shown to be the most vulnerable to hacking: that the sites were vulnerable to cross-site-scripting, in which code is run through a website or app, and then gain access to sensitive information and cookies. This obviously has massive implications for sites dealing with money. While there are regulations that stipulate that companies must put in steps to deal with the app and website cloning, there are other things that can be done as well: source code should be analyzed in the design stage of these places, and web application of firewalls (which can focus exclusively on software, dedicated appliances or modular firewalls) should be implemented. This will help to prevent unauthorized access to administrative or sensitive areas of banking sites and applications.

Wider access to mobile banking technology and repeat online passwords

Many more people access banking services on their phones than ever before. While this is obviously incredibly useful, it (also obviously) poses cybersecurity risks. There is no way of knowing how much attention and effort that an individual user is paying to their cybersecurity. thus leaving open the possibility of a successful hack. Even more worryingly, there are massive cybersecurity problems regarding repeat passwords: users rarely change their passwords, meaning that a successful breach of one account, or installation of malware, can easily lead to another. These problems can be remedied by the use of newer technologies like MFA (multi-factor identification) and biometric identification systems.

Add comment

By Operation System

Mac OS