Research by Kaspersky Lab and B2B International reveals that investing in IT security is a priority for banks and financial institutions.
Financial institutions are under pressure to increase the safety, as trends like the growing adoption of mobile banking put the defenses of IT infrastructure at increased risk of cyber attacks.
Increasingly, customers play a major role in pointing out security incidents; A quarter (24%) of financial institutions indicate that some of the threats they faced in 2016 were identified and reported by clients.
According to research Security Risks of Financial Institutions by Kaspersky Lab and B2B International, investing in security is a priority for banks and financial institutions. Because they suffer attacks targeting both their infrastructure and their customers, Commercial banks spend three times more on IT security than non-financial institutions of similar size.
In addition, 64% of banks say they will invest in improving their IT security, regardless of the return on capital invested, to meet the growing demands of regulatory authority, senior management, and even their customers.
While banks make painstaking efforts and allocate resources to defend their perimeters against known and unknown cyber threats, it has been difficult to protect the variety of existing IT infrastructure, from traditional to specialized ATMs and point-of-sale terminals.
The vast and changing panorama of threats, along with the challenge of improving customer safety habits, offers scammers more and more vulnerabilities to exploit.
Emerging risks: social engineering attacks
Risks related to mobile banking transactions are highlighted in the report as a trend that can expose banks to new cyber threats. 42% of banks predict that most of their customers will use mobile banking transactions in the next three years, but admit that users are too careless in their online behavior.
Most of the banks surveyed (46%) acknowledged that their clients frequently receive phishing attacks, While 70% of banks also reported on incidents of financial fraud resulting in monetary losses.
Growing phishing and social engineering attacks on clients have led banks to reevaluate their security efforts in this area. 61% of respondents see the improved security of applications and websites that their customers use as one of their priorities, followed closely by the implementation of more complex authentication and verification of the details of starting the session (key priority for 52%).
Although they are vulnerable to phishing tricks and tools targeting their customers, banks are even more concerned about another ‘old enemy’: targeted attacks. And they have good reasons to be worried: The methods used in targeted attacks are increasingly common, with the use of malware platforms as a service to harm financial organizations.
Targeted Attacks: Persistent Threats
The experience of actual incidents shows us that security investments for the financial industry are worthwhile. Financial institutions report a significantly smaller number of events compared to security than companies of similar size in other industries, with the sole exception of targeted attacks and malware.
Detecting an abnormal and potentially malicious activity, combining legitimate tools with malware without files, requires a combination of advanced solutions against targeted attacks and extensive security intelligence. However, 59% of financial companies have not yet adopted threat intelligence provided by third parties.
Sharing intelligence against threats would help banks identify new and emerging threats faster, an important point to consider, given the low levels of concern that banks show for some of their most vulnerable devices, such as ATMs. In this sense, sharing more third party intelligence could help banks prepare for threats that would otherwise not be expected.
Protection of ATMs: little concern
High vulnerability Banks show comparatively low levels of concern related to the threat of financial losses from ATM attacks, despite being very vulnerable to attacks of this nature.
Only 19% of banks are worried about attacks on their ATMs and cash withdrawals, despite the growing malware rate targeting this part of the banks’ infrastructure.
Fighting threats that are constantly changing and targeting your own IT infrastructure and customer accounts is a daily challenge for financial institutions in terms of IT security.