
Inside Job: How Banks Are Getting Hacked And What They Can Do
- Updated On 10/01/2016
- Author : HBB | Guest Author
The same bots that generate spam are now being sent into banks to scour for ways inside the vault. Spam, the obnoxious stuff that everyone expects “junk mail” filters to catch, has become the Trojan horse of choice among cyber criminals. The BBC recently conducted a research project looking at the internet address blocks used by 12 of Britain’s most well-known and well-established financial institutions. In the course of that research, it discovered that in 2013 alone there were more than 20 incidents involving malicious activity within British banking networks, despite banks having some of the strongest defenses against cyber-attacks (Source: http://www.bbc.co.uk/news/business-25336448).
How Cyber Crooks are Cracking the Vault
Inside sources say that bank employees’ machines are routinely infected by malware. Multiple sources indicate that viruses, spam and other malicious messages regularly appear on banks’ corporate networks, most likely as a result of an employee or contractor encountering a bogus, booby-trapped email attachment or visiting an infected site, and (most likely) having the machine enrolled in a “botnet” (a dragnet of hijacked computers used to mine a corporation’s computer systems). OpenDNS recently gathered statistics that suggest as many as 900 botnets were active in late 2013. The damage that botnet breaches can cause has many experts deeply concerned, given that “… as banks develop their controls in line with new criminal methodologies, new techniques will emerge”.
What Can Banks Do?
Banks are at the center of data security concerns. The information they gather intersects legal boundaries, intellectual property, and government regulations. Keeping abreast of every potential security threat or virus is a virtually insurmountable feat, but by encrypting data, both at rest and in the cloud, banking institutions could create a stronger security program than the one they may currently be using.
Studies show that institutions from finance to healthcare have high levels of BYOD usage and often lack sufficiently stringent data security policies for accessing data outside of corporate networks. Government-grade (FIPS 140-2 validated) data encryption solutions are recommended for all devices used to access and store data, whether they are BYOD devices (laptops, smartphones, tablets) or devices managed through an enterprise’s network (i.e., desktop computers). If the worst-case scenario should unfold, and a portable device carrying personally identifiable information (PII) is lost or stolen, data encryption via self-encrypting drives (SEDs), for example, protects the encryption key by deleting it each time it is accessed, not storing it in the OS or network, and encrypting the encryption key independently, whether or not the company network is able to access it.