Financial institutions are among the most targeted businesses by hackers. Are banks doing enough to protect their customers' accounts and data?  

Cybercrime is a rising threat, and banks rank high on hackers' list of targets. Are banks doing enough to protect themselves and their customers? And if not, what measures can they take to keep hackers at bay?

Cybersecurity expert, Earl Foote, from Nexus IT shares his insights into the world of cybersecurity and banking.

Banks and Cyber Crime

A Forbes report highlights several statistics regarding banks and cybercrime:

• Cybercrime costs banks more to recover from than businesses in any other industry.

• The rate of breaches in the financial sector has increased by 300 percent over the past five years.

• Banks are breached by hackers 300 times more frequently than firms in other industries.

• Cybercrimes cost banks over $1 trillion each year.

Navigating the Rules and Regulations

Ever-shifting regulations are a major obstacle to bank security. Since the first banks were established hundreds of years ago, industry leaders had to establish various rules in accordance with the times. Today's digital landscape offers infinitely greater flexibility and convenience for both law-abiding citizens and criminals. The premier issue is how best to prevent fraud and data breaches in a rapidly evolving digital sphere.

The nature of these regulations gives hackers an advantage. Criminals quickly adopt new technologies and discover how to exploit vulnerabilities without having to sort out the rules. Banks, on the other hand, must carefully abide by the rules, making it difficult to keep up with the bad guys.

Internal Threats

Most banks are well-protected from external threats, but experts believe that threats from within pose the greatest risk. These threats can manifest in many forms, from careless employees to software vulnerabilities to outdated hardware. Banks are taking measures to educate and train employees on cybersecurity protocol, but the basics aren't enough to combat well-versed hackers.

Key Components of Bank Security

• Implement a multi-layered email strategy. Email is the most common gateway through which hackers enter. As such, it requires multiple layers of defense including Sender Policy Framework (SPF), DomainKeys Identified Email (DKIM), and Domain-based Message Reporting and Conformance (DMARC). The combination of these protocols should prevent phishing attacks and minimize the risk of Business Email Compromise (BEC).

• Establish checks and balances within the organization. Whether it's authorized by the CFO or a newly-hired employee, a financial transaction must undergo a series of checks and verifications before being approved.

• Deploy tailored training programs. A generic video on cybersecurity won't cut it. A successful training program presents information in multiple ways to cater to all types of learning styles. Some employees may prefer a bulleted list of actions, while others learn better through real-life examples and hands-on simulations. The training should be mandatory for all departments in the bank.

What About Inside Jobs?

Even with the above strategies in place, and ill-intentioned employee can still cause extensive damage. Banks must work closely with their network security team or a trusted managed services provider (MSP) to detect and respond to unusual activity. Round-the-clock monitoring is a must. Analysts can spot outliers in data access patterns and other key indicators of possible fraud. Stringent access management would grant or deny user access to files and update permissions instantly to minimize windows of opportunity. Lastly, using attribute-based access (ABA) ensures that employees can access only the files needed for a specific task.

As technology evolves, so will the cyber crimes that exploit it. Banks will always be a high-profile target, and leaders in the financial industry must stay on top of their cybersecurity protocols. Partnering with MSPs and raising awareness among customers can help curb potential data breaches.