Banking has become increasingly digital. These days, consumers are able to check their account balances, apply for loans and credit cards, pay bills and transfer money all online. While this shift has increased the convenience and accessibility of financial services, it’s also resulted in a growing number of cyber threats aimed at taking advantage of financial institutions and their customers.
Cybersecurity in banking brings financial services providers proactive solutions for regulatory compliance, network security, data encryption and threat monitoring. The precautions needed to safeguard online financial activities range from awareness and training for employees and customers to routine risk management assessments.
What Is Cybersecurity in Banking?
Cybersecurity in banking covers the technology and protocols for preventing and responding to attacks that target financial institutions’ data, networks and digital infrastructure. The financial sector is an obvious treasure trove of sensitive data and money, which makes it catnip for hackers. The industry poses compelling challenges, such as the potential vulnerabilities related to remote work or risky customer behaviors that can be difficult to control.
For Lora McIntosh, chief information security officer at Simmons Bank, cybersecurity requires constant attention. She manages teams that focus on monitoring tools, researching alerts and managing user access levels. McIntosh also handles IT governance, an umbrella term for the company’s security policies, standards and procedures — for example, the protocols users should follow before connecting to the bank’s network.
There’s a fundamental asymmetry to McIntosh’s job: Whereas hackers and malware distributors only need to find one security hole to infect an entire system, McIntosh and her team must maintain robust defenses around the clock. When attacks are identified, the bank must be quick to strategize. For example, potentially compromised clients need to be contacted to reset their passwords, and computers that might have been infected with malware must be quarantined so they don’t spread the virus to other machines on the bank’s network.
“It’s triage,” McIntosh said of how her organization reacts to attacks. In other words, they handle a security crisis like an overrun emergency room, treating the most dangerous wounds first.
Importance of Cybersecurity in Banking
In addition to being upsetting, financial sector breaches can be wildly expensive. By one estimate, major financial institutions face hundreds of thousands of online attacks every day — multiple incursions each second. Data breaches cost financial organizations an average $5.97 million, according to a 2022 IBM report that studied more than 500 organizations across various industries that had been impacted by attacks.
Beyond the peril of racking up substantial bills that can continue to affect institutions well into the future, there’s also the risk that cyber attacks could put bank customers’ sensitive information in jeopardy. Banks are entrusted with data such as account numbers and social security numbers. In the hands of attackers, that kind of information can be used for fraud or identity theft.
Types of Cybersecurity Threats to the Banking Industry
Phishing, an example of social engineering, involves a cybercriminal posing as a trusted person or organization – often via email – in order to trick someone into divulging sensitive information or exposing their computer or network to malware.
In the financial services sector, phishing attacks can look like a bank employee receiving an email from a malicious source who has designed the message to appear as though it was sent by a bank executive. That email includes a link for the recipient to reset their login credentials. Though the website appears legitimate, it was actually manufactured by the attacker to capture the target’s username and password or infect their computer with malware intended to compromise the bank’s network or data. Cybercriminals also execute phishing attacks by pretending to be a representative of a bank or other financial institution so that they can defraud their customers or steal their identifying data.
Phishing is an increasingly common type of cyber threat. The FBI’s Internet Crime Complaint Center fielded more than 800,000 complaints in 2022, with phishing attacks at the top of the list, according to an annual report. The IBM report identified phishing as the second most common cause of data breaches.
Ransomware attacks use a type of malware that encrypts a user or organization’s files or data to block their access. The culprit then requests ransom money in exchange for decryption. Sometimes they also threaten to release or sell sensitive information if they don’t receive payment. Ransomware was responsible for 11 percent of data breaches in 2022, the IBM report found, costing organizations an average $4.54 million, not including the dollar amount for the actual ransom. A VMware report showed 74 percent of financial institutions were hit by at least one ransomware attack, with more than 60 percent paying the ransom.
A cloud attack encompasses any cyber attack that takes aim at an organization’s cloud infrastructure, such as injecting malware into an organization’s SaaS system. More than 40 percent of the data breaches included in the IBM report occurred in the cloud.
A survey by the American Banking Association and Crowe revealed more than 90 percent of respondents in the banking industry maintain at least some data, applications or operations in the cloud. Off-premise cloud storage is “a big paradigm shift” for the banking field, McIntosh explained.
“The old security mentality was: I've got a building and then I'm going to put some walls around it and I put up a moat and a drawbridge and all these perimeters and defenses,” she said.
In other words, it was all about on-premise data storage. The notion of entrusting sensitive information to outside servers banks can’t directly manage raises security questions.
Supply Chain Attacks
Cybercriminals who employ supply chain attacks infiltrate organizations through a third-party vendor. In these cases, the attacker first targets software that is trusted by larger entities. They look for weak points that allow them to install malware. When an organization unknowingly contracts with a vendor that’s software has been infected, access granted to the organization’s network or data can create an opening for an attacker to strike. The IBM report indicated 19 percent of the data breaches it reported occurred as a result of a supply chain attack, which on average took longer and was more costly to identify and contain.
Cybersecurity Solutions for Banks
Banks and other financial institutions need a diverse lineup of tools in their cybersecurity arsenal. Their defenses must be able to accommodate emerging technologies as well as address an evolving threat landscape. The majority of VMware survey respondents indicated they plan to increase their budgets by 20 to 30 percent, identifying their top six security investments as extended detection and response (XDR), workload security, mobile security, threat intelligence, managed detection and response and container security.
“We're not just going and buying the latest, greatest thing,” McIntosh said of infosec professionals in the finance sector. “[We’re] very strategic.”
The same goes for machine learning solutions, though McIntosh sees potential applications in banking — especially in fraud protection.
“If you think of the amount of raw data that [our systems] ingest on a daily basis… [it’s] thousands and thousands of events per second. Humans cannot make sense of all that data,” she said. “In the next couple of years I think that we're going to have better algorithms to analyze that data.”
But it’s a slow process. Machine learning algorithms must be trained to read cues the way human security officers do, and they need to be integrated into ultra-secure software.
6 Examples and Applications of Cybersecurity in Banking and Finance
Examples of Cybersecurity for Banking and Finance
- Endpoint security for safeguarding physical devices.
- Early detection of high-risk or suspicious behavior.
- Protections against losing or deleting data to prevent non-compliance with financial regulations.
- Mitigating phishing and ransomware attacks.
- Incorporating intelligent technology into security solutions.
- Network security to shield digital infrastructure.
1. Microsoft Provides Endpoint Security
Microsoft has multiple product families that provide cybersecurity solutions for businesses and enterprises, including banks and other financial services providers. For example, Netherlands-based financial services corporation ING, employed Microsoft Defender for Endpoint as part of its XDR strategy and used Microsoft 365 Defender for email protection, which includes identifying and blocking attempted phishing attacks.
2. Forcepoint Flags Risks in Real time
Forcepoint’s security platform constantly weighs security against convenience by calculating constant real-time risk scores for each user to carefully distinguish accidental flubs from suspicious behavior. The lowest-risk users then face fewer authentication hurdles in the Forcepoint system, while higher-risk users — potential hackers or internal threats — are flagged. This user-centric system protects on-premise and cloud-based data centers equally well. It can also scan webs of disparate endpoints, including computers and phones, for trouble. For the finance industry, the company’s solutions can be used to protect crypto assets and help defend banks against ransomware and other sophisticated cyberattacks.
3. Proofpoint Protects Against Attacks That Threaten Compliance
Proofpoint offers protection against some of the fringe digital threats faced by financial institutions and other prime hacker targets. The software safeguards enterprise social media accounts (which can be used to phish customers, among other things) and screens attempted hacker invasions via social engineering. The platform even protects against non-compliance threats using ultra-modern archiving features that ensure banks neither lose nor delete data that must legally be on hand.
4. Check Point Combats Phishing and Ransomware Attacks
Check Point provides an array of cybersecurity solutions, including products to combat attacks like phishing and ransomware, detect cloud threats and keep unauthorized users from accessing protected data. The company’s endpoint security suite can protect physical devices like ATMs and card readers, and its offerings also help financial services organizations ensure they’re compliant with applicable regulations.
5. CrowdStrike Provides Solutions Powered by Intelligent Technology
CrowdStrike’s Falcon platform is a cybersecurity solution that protects enterprises, using analytics and intelligent technologies for identifying and responding to threats. The company says its customers include five of the world’s 10 largest financial institutions. The cloud-native Falcon platform provides protection that spans across on-premises, virtual and hybrid cloud environments, and it supports customers in the financial services industry with fulfilling their regulatory compliance obligations.
6. Fortinet Secures Network traffic
Fortinet's cybersecurity offerings include products for network security, zero trust access and cloud security. For the financial services sector, Fortinet’s firewall solutions can be used to secure electronic trading infrastructures, and its Secure SD-WAN product can secure network traffic between bank branches and headquarters.