By Dr. Jane LeClair • April 5, 2018

Data Breaches on Financial Institutions Are Up. What Does This Mean for Cybersecurity Professionals?

When asked by a reporter why he robbed banks, infamous bank robber Willie Sutton reportedly replied, “because that is where the money is.”

Though bank-robbing tactics have changed drastically in the digital age, Sutton’s logic is still very much alive: hackers around the globe are ramping up their cyberattacks on banking and financial institutions. In fact, SWIFT, the global financial messaging system, recently announced a series of new hacking attacks since a high-profile heist in Bangladesh last year netted cyber thieves $80 million. Experts have suggested the attackers exploited the Bangladesh central bank’s lax banking procedures and weak security system, and, in an effort to counter such attacks, SWIFT has begun pressuring member institutions to install the latest version of its security software. It remains to be seen whether banks will comply with such procedures, no doubt at the consumers’ expense.

Big Business

The Bangladesh heist is just one in a growing list of high-profile attacks on banking and financial services in the past year as financial services have become ongoing targets. Last year, UniCredit SpA, Italy’s premier bank, was attacked in one of the largest breaches of European banking security to date. Not to be outdone, Tesco Bank, the finance arm of the British grocery giant, had more than 20,000 customers’ accounts compromised and nearly half had funds stolen from their accounts. 

But banks are not the only targets, though they are often more attractive to hackers. Last year, Deloitte, one of the top four accounting firms in the world, was struck by a cyberattack originating from its email system and declined to share any details about the incident. And who could forget Equifax’s explosive and cautionary tale about hackers exploiting a security vulnerability last year, exposing more than 140 million consumer records over a two-month period?

Fatal Flaw

According to a May 2017 Business Insider article, the financial services industry is unusually hard hit: it was the most attacked industry of those examined in 2016. These companies were breached 65 percent more than the average organization across all other industries in the study. And more than half of those breaches were attributable to one fatal flaw:

Human error.

It is the biggest vulnerability of them all. Attacking the weakest link in cybersecurity, the employees, with multiple phishing scams allows for the inadvertent installation of harmful malware, and that is all hackers need to achieve their aims.

Organizations can spend millions of dollars on cyber defenses, building walls higher and more formidable, but if employees open the gates to attackers, it is all for naught. The issue is a cultural one, not a technological one. The best way to combat cyber breaches is to create a strong cybersecurity culture within the organization in which members are knowingly engaged and incorporated into that defense. Creating such a culture involves visible support from upper management, financial investment, ongoing visible reminders of security and ongoing training and education of employees.

Cyber breaches are only going to become more common and costly, and perhaps even more high-profile as hackers become more brazen in their attacks. And while technology does its part in building cyber defenses, creating a formidable cybersecurity culture requires a synergy of hardware, software and people to truly accomplish the job.

Written by Dr. Jane LeClair

Dr. Jane LeClair is the president of the Washington Center for Cybersecurity Research and Development, and consults on cybersecurity programming at the University. She has previously served as the Chief Operating Officer for the National Cybersecurity Institute and dean of the School of Business and Technology at Excelsior College. Dr. LeClair holds an MS in Cybersecurity and an EdD in Adult Education.