Criminals have targeted banks since time immemorial. Hollywood has capitalized on making movies on bank heists, and while techniques have changed over the years, banks are still among the most highly targeted institutions.
In the old days, physical bank heists were dangerous jobs full of risks of being shot or arrested. Enter the internet. Cybercrime became the novel way of robbing banks. Cybercriminals hack into banks’ servers and steal clients’ PII (Personally Identifiable Information) so that they can steal funds from the accounts.
Banks face significant risks from cyber-crime, which include, but not limited to:
Phishing is perhaps the most common cybersecurity risk in the banking industry. It is also one that keeps evolving. Phishing is an attempt by cybercriminals to gain access to sensitive client data while impersonating the bank. Phishing messages look authentic and can fool many people. Phishing emails are very convincing, down from the impeccable wording to flawless logo imitations. There are different types of phishing such as:
- Spear phishing, which is more targeted and sent to someone whom the hacker already has their name, bank where they work, job title, email address and their roles. The hacker may trick the bank employee to divulge information such as passcodes and login details.
- Whaling, which is more targeted at CEOs
- Vishing, which uses Voice over internet protocol (VOIP) to trick the recipient they are speaking to a genuine entity and ask them for sensitive data
- Smishing, which uses SMS messages to trick the user into clicking on a malicious link, or divulging personal information
The Exploitation of IT (Internet of Things)
Most hacking attempts come from vulnerabilities in software, and sometimes, vulnerable hardware such as a router that has an unsecured connection. Most people are not aware of how their IoT devices can be exploited since they do not have the same level of security as computers.
An unsecured IoT device such as a printer, IP camera or router is vulnerable to hacking. As banks, automate more services, the number of gadgets and potential security loopholes increases. To breach a bank, an attacker only needs to attack unsecured devices to gain access to the network, including client data.
Downloading a VPN will mitigate IoT exploitation by creating a secure tunnel between your devices and the internet. The VPN also encrypts all data sent and received; ensuring hackers do not get a loophole for exploiting the devices, especially if you use public Wi-Fi. A VPN is easy to install and allows you to hide your IP address and location from hackers who may be trying to steal information from unsecured networks
Credential stuffing is a type of attack, which targets the personal information of banks’ clients. Using the stolen data, cybercriminals can gain unauthorized access to accounts that use automated login requests. The stolen data is used to jam servers and websites to try and gain access to crucial IT infrastructure. These criminals obtain a list of logins and keys from the dark web. This saves them the time that they would otherwise have used to guess the passwords.
Hackers use an automated process, which logs in to millions of compromised usernames and passwords using basic web automation tools. Credential stuffing is different from the brute force in that the former, attackers use passwords and usernames that they know were in use at some point. Credential stuffing is an emerging cyber threat that promises to get worse in the coming years.
Ransomware is malware that encrypts information, making it impossible for the data owners to access the data unless they pay a ransom. In 2017, the WannaCry virus spread like wildfire through Microsoft Window devices, leaving in its wake thousands of infected computers and making 327 payments that totaled to $137,700.
Per year, ransomware costs businesses more than $75 billion in damages. Ransomware is still among the most common cybersecurity threats. According to a Kaspersky Lab report, the statistics show attacks originated from more than 190 countries. Ransomware attacks that are a success are mainly on small banks, which have no IT resources, outdated protocols and security tech, and no endpoint protection.
Since the inception of banks, there has not been a shortage of theft attempts. From bank heists with guns, things have toned down to thieves hiding behind screens. The dark web is full of hackers who trawl the web, stealing data for resale to others who are willing to hack the banking systems.
Cybersecurity is a significant concern for the banking industry. Cybercriminals keep getting more sophisticated in their tactics. If banks do not keep abreast of what is going on in their systems, they are likely to get hacked, incurring huge monetary and social losses. A bank’s data breach means loss of reputation and lawsuits from clients, which may lead to the eventual downfall of the bank.