Data breaches negatively affect a financial institution’s bottom line. But even worse and harder to recover from is the damage to your brand. It’s an arms race between bad actors, with the threats in their arsenals, and financial institutions, with the defenses they have in place, and the balance is in constant flux. The prize the attackers are after is extremely valuable: customers' personally identifiable information (PII).
Brute force and credential stuffing attacks are the holy grail for bad actors and do the most damage: customer takeovers and account lockouts.
PREVENT via strong password policies and multi-factor authentication (MFA).
STOP via early detection and identifying increases in failed logins.
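One way to identify an increase in failed logins and tell the two attack types apart, as an added example that is not part of the original page: it counts failures per five-minute window, flags windows far above a quiet baseline, and labels each source by the shape of its failures. The event layout, thresholds, addresses, and usernames are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)

def build_sample_log():
    # Constructed events: (timestamp, source_ip, username, failed)
    t0 = datetime(2024, 5, 1, 9, 0)
    events = []
    for w in range(3):  # three quiet baseline windows: 2 failures, 1 success each
        for i in range(2):
            events.append((t0 + w * WINDOW + timedelta(seconds=30 * i), "192.0.2.10", f"user{i}", True))
        events.append((t0 + w * WINDOW, "192.0.2.11", "dana", False))
    attack = t0 + 3 * WINDOW
    for i in range(20):  # one source, 20 different accounts, one try each
        events.append((attack + timedelta(seconds=i), "203.0.113.9", f"cust{i:03d}", True))
    for i in range(15):  # one source hammering a single account
        events.append((attack + timedelta(seconds=2 * i), "198.51.100.23", "carol", True))
    return events

def window_start(ts):
    # Round a timestamp down to the start of its 5-minute window
    return ts - timedelta(minutes=ts.minute % 5, seconds=ts.second, microseconds=ts.microsecond)

def failed_per_window(events):
    return Counter(window_start(ts) for ts, _, _, failed in events if failed)

def spike_windows(counts, baseline_n=3, factor=3.0, floor=10):
    """Windows whose failures exceed factor x the mean of the first baseline_n windows."""
    ordered = sorted(counts)
    baseline = sum(counts[w] for w in ordered[:baseline_n]) / baseline_n
    limit = max(floor, factor * baseline)  # floor avoids alerts on tiny baselines
    return [w for w in ordered[baseline_n:] if counts[w] > limit]

def classify(events, window, min_accounts=10, min_attempts=10):
    """Label each source IP in a spike window by the shape of its failures."""
    users_by_ip = defaultdict(Counter)
    for ts, ip, user, failed in events:
        if failed and window_start(ts) == window:
            users_by_ip[ip][user] += 1
    verdicts = {}
    for ip, users in users_by_ip.items():
        if len(users) >= min_accounts:
            verdicts[ip] = "credential_stuffing"  # many accounts, few tries each
        elif max(users.values()) >= min_attempts:
            verdicts[ip] = "brute_force"          # one account, many tries
    return verdicts

if __name__ == "__main__":
    log = build_sample_log()
    print({w.isoformat(): classify(log, w) for w in spike_windows(failed_per_window(log))})
```
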
If successful, these attacks take the “services” out of financial services. Common impacts include customers suddenly losing access to banking apps for core services, your network slowing to a crawl, and even being taken offline entirely.
DETECT via having a way to quickly compare with normal network traffic—knowing what an attack condition looks like.
STOP via IP blocking based on content, geolocation, and traffic rate.
Good news: These attacks are actually declining.
PREVENT via keeping up to date on patches for web apps and related technologies and conducting penetration tests against web applications.
DETECT using a web application firewall (WAF) for web protocol inspection.
Given the enduring prevalence of brute force and credential stuffing, it’s not surprising that most of the targeted tech involves some kind of authentication technology, whether that’s login pages, APIs, or Anonymous File Transfer Protocols (AFTP). Websites and DNS are both susceptible to attack via either the exploitation of vulnerabilities or DDoS, so it’s not possible to tell how those vectors map to these targets.
Compared with other sectors, the banking industry tends to place greater importance on substantive and overarching cybersecurity programs. Still, it faces many of the same challenges that other industries do when it comes to building and maintaining security programs in the face of both attacker trends and entropy.