The biggest threats of financial crimes against banks and financial institutes stems from cyberspace. A barrage of malicious cyberattacks is shaking global financial institutes to the point where they are no longer assuming they can keep hackers at bay, and instead have gone on to wage guerrilla warfare from within their networks.
The growing adoption of mobile banking makes the IT infrastructure in financial institutes increasingly vulnerable, leading to an increased risk of cyberattacks. Fortunately, customers play an important role in pointing out security incidents: 24% of financial institutions indicate that some of the threats they faced in 2016 were identified and reported by customers themselves.
According to the research ‘Security Risks of Financial Institutions‘ conducted by Kaspersky Lab and B2B International, banks and financial institutions spend three times more on IT security than nonfinancial institutions of similar size. In addition, 64% of banks say they will invest in improving their IT security, regardless of the return on capital invested, to meet the increasing demands of regulatory authority, senior management and even their customers.
Social engineering attacks on bank accounts
Growing phishing and social engineering attacks on customers have led banks to reevaluate their security efforts in this area. 61% of respondents see the improved security of applications and websites that their customers use as one of their priorities, followed closely by the implementation of more complex authentication and verification of the details of starting Session.
On the contrary, scammers use many methods to get people’s financial data. One method is to use social engineering: they make copies of known web banking sites, send emails to the bank, make phone calls to elected victims or even visit their homes in police uniforms. However, information is most often stolen without personal contact: cybercriminals intercept information on public Wi-Fi networks, use Trojans to collect sensitive data from users’ devices, and so on.
ATM Protection: Low concern, high vulnerability
Banks show comparatively low levels of concern related to the threat of financial losses from ATM attacks, despite being highly vulnerable to such attacks. Only 19% of banks are concerned about attacks on their ATMs and cash withdrawals, despite the growing malware targeting this part of the banks’ infrastructure.
It is a fact that infrastructure and technological applications are being targeted because of existing vulnerabilities either because they do not have appropriate protection measures or because of constant change, factors that make it increasingly difficult to keep security measures up to date.
A global study revealed that 98% of Internet users manage their bank accounts online or even shop online. Experts also report on the growing interest of cybercriminals in this area: in 2016, Kaspersky Lab protected about 1.9 million users of malware that attempted to steal money from their bank accounts.
Risks related to mobile banking transactions can expose banks to new cyber threats, partly because users are too careless in their online behavior, however, only 64% of banks said they will invest in improving their computer security.
According to the report, 42% of banks predict that most of their customers will use mobile banking transactions over the next three years and 46% admit that their clients frequently receive phishing attacks, according to research on Security Risks of Financial Institutions. In addition, 64% of banks say they will invest in improving their IT security, regardless of the return on capital invested, to meet the growing demands of regulatory authority, senior management and even customers.
Targeted Attacks: Persistent Threats
Detection of an abnormal and potentially malicious activity, combining legitimate tools with malware without archives, requires a combination of advanced anti-targeting solutions and extensive security intelligence. However, 59% of financial institutes have not yet adopted threat intelligence provided by third parties.