For many financial institutions, the massive data breach experienced by JPMorgan Chase served as a wake up call to reevaluate their cyber security postures. Institutions of all sizes realize that they must keep abreast of new and complex regulations while also having a solid cyber security plan in place that allows them access, manage, safeguard and recover their data in case of a cyber attack. However, faced with an increasingly sophisticated threat landscape, they often find it difficult to keep up with the latest developments and integrate new technologies into their product offerings.
Cyberattacks against banks are becoming more frequent
The New York Department of Financial Services queried 154 financial institutions about their cyber security programs, costs and future plans. The objective of the survey was to gain a general perspective of the financial services industry’s efforts to prevent cyber crime, protect consumers and clients in the event of a breach, and ensure the safety and soundness of their organizations. The subsequent report issued by the Department found that cyberattacks against banks are “becoming more frequent, more sophisticated, and more widespread.” The report also indicated that smaller institutions such as community and regional banks, credit unions, money transmitters and third-party service providers such as credit card and payment processors have experienced attempted breaches.
Cyber security threats are consistent across institutions, regardless of size
According to the report, most institutions regardless of size, experienced intrusions or attempted intrusions into their IT systems over the past three years. While methods varied, the most common incidents involved the following:
- Malicious software (malware) – 22%
- Phishing – 21%
- Pharming – 7%
- Botnets or zombies – 7%
The most frequent types of wrongful activity resulting from a cyberattack included:
- Account takeovers – 46%
- Identity theft – 18%
- Telecommunication network disruptions – 15%
- Data breaches – 9%
Large institutions also cited mobile banking exploitation (15%), ATM skimming/point-of-sale schemes (23%), and insider access breaches (8%).
Cyber security breaches are impacting financial institutions’ bottom line
Institutions that experienced monetary losses in the past three years due to cyber security breaches listed customer reimbursements (76%) as their top expense, followed by audit and consulting services (52%) and deployment of detection software, services and policies (45%). Many institutions also factored in loss of customer business (38%) and damage to brand/reputation (31%).
Financial institutions face cyber security testing in their future
In light of the challenges post by increased cyber threats, the New York Department of Financial Services plans to add a cybersecurity component to its examination procedures. The examination will review a bank’s cyber security incident response and event management, access controls, network security, vendor management, and disaster recovery procedures to determine their “cyber readiness.”
HOSTING security and disaster recovery services
The HOSTING team of security and compliance experts works with financial institutions of all sizes to implement a compliant, cloud-based cyber security program that ensures the safety and integrity of their business-critical data. Our disaster recovery services help organizations meet regulatory compliance, safeguard against malicious attacks, and provide continuous service excellence to their customers. Contact us today to discuss your specific needs.