16 Oct 2012
When the Financial Services – Information Sharing and Analysis Center (FS-ISAC) raises its threat level from “elevated” to “high”, banks need to take action. The combination of the recently publicized rise in cyber-attacks against financial institutions and the number of institutions that are increasingly vulnerable makes this a time for action. While the headlines are focusing on Denial-of-Service (DoS), the most common and serious hacking schemes involve remote access, keyloggers, and more generalized Trojan software. The foundation for many of the threats that result in a successful compromise often relates directly to underlying weaknesses (i.e., vulnerabilities) in operating systems and applications. Hackers and organized cyber criminals using techniques like phishing, webpage redirection, and other common social engineering tactics are taking advantage of these system weaknesses with more frequency than ever.

Today, banks take action to prevent cyber threats by more closely monitoring the internal network to detect malware or anomalous activity. However, heightened attention to social engineering threats is also a must, since employees are more often a direct entry point to the internal network.

While large banks often find themselves the target of attacks and spend millions to develop hardware and software protections, smaller banks are also being threatened by cyber-attacks. Fortunately, some of the most effective strategies against these attacks do not require huge capital expenditures. Smaller institutions can benefit from simply ensuring that security policies and procedures are being followed and conducting audits to determine unknown weaknesses. In addition, taking the time to train users to recognize and avoid potentially dangerous spam and phishing attacks provides a significant, low-cost line of defense against attacks.