Banks and credit unions have more types of cybersecurity tools at their disposal today than ever before, and it’s increasingly difficult to determine which of these tools are truly needed for any particular environment. Monetizing the budgetary value of individual security expenditures is incredibly challenging for IT security teams, so it may not be feasible to make purchasing decisions on that basis. Rather, financial institutions must assess where their security weaknesses are and identify the tools that can mitigate these weak links efficiently and cost-effectively.
Unlike many other organizations, banks and credit unions tend to have solid security tools already in place. However, threats continue to intensify, so financial institutions should periodically reassess their security posture and identify tools that can augment or replace existing solutions. This can help them avoid the data breaches that have led to significant losses and major embarrassment for other financial institutions.
Based on today’s threats and security tools, most financial institutions will find the greatest benefit from focusing on four core security areas: web security, advanced persistent threat detection, security resource consolidation and virtual environment security.
The Current Threat Landscape
Cybercriminals are increasingly focusing their attention on specific segments. The banking and credit union industry has emerged as one of the most attractive targets. Although financial institutions have long been leaders in terms of security control adoption, any organization can have weak spots in its defenses, and attackers have been taking advantage of these.
Last year, one of the nation’s largest financial firms suffered a major data breach that exposed sensitive personal information for over 76 million households and 7 million businesses. The attackers leveraged known vulnerabilities in the firm’s web applications and other software to gain unauthorized access to this data and to elevate their privileges to administrator level on dozens of the company’s servers.
Security professionals at financial institutions are already aware that their data and applications are being targeted by attackers, but they may not be aware of the increasing volume and sophistication of these attacks. Symantec’s 2015 Internet Security Threat Report has some startling statistics. For example, in 2014, attackers released more than 300 million new variants of malware. Older security tools simply cannot detect these new attacks effectively.
It’s not surprising to hear that targeted attacks are on the rise, but many of these attacks are now targeting small and midsize organizations. No enterprise is safe from today’s threats, and losses continue to increase. According to the 2015 Cost of Data Breach Study by the Ponemon Institute, the average consolidated total cost of a data breach is up to $3.8 million.
To counter today’s threats, financial institutions need to increase and accelerate their efforts to protect their data and systems. Each financial institution needs to find the balance of speed and security that meets its own unique requirements and environment.
For more information on security solutions for financial institutions, read the white paper “Cybersecurity for Banks and Credit Unions.”