6 tips for preventing a banking data breach
By Steve DeLaCastro, Vice President, Financial Services, Ricoh USA
The staggering amount of personal information that banks manage makes data breach prevention a priority.
Every company in every industry faces the prospect of a cyberattack that poses a threat to its data security. And the likelihood of an attack continues to escalate. Some sectors, though, are targeted more often than others and are, therefore, at greater risk of both cyberattacks and data breaches. Financial institutions manage a staggering amount of personal information and have the wherewithal to meet a cybercriminal’s ransom demands. This makes them high-value targets for threat actors seeking to demand a ransom or steal and sell the institution’s data on the black market. It has also made data breach prevention an IT priority.
Ransomware attacks have grown — and they’re getting more costly
What data could be more valuable to hackers than the information banks collect every second of every day while processing financial transactions for millions of customers? Loans, credit cards, investment vehicles, and everyday spending accounts are incredibly data rich and reward cybercriminals with far more than phone numbers and email addresses. That is why data breach threats continue to grow at an alarming rate, and at a staggering cost to victim institutions. The share of breaches caused by ransomware grew 41% in the last year, and the cost of a data breach now averages $4.35 million, an all-time high.¹
In addition to the highly desirable PII (Personally Identifiable Information) they gather, banks are prime targets for another reason: they’re in the midst of modernizing their applications, data, and infrastructure. This modernization is driven by the need to address the demands of today’s digitally transformed consumer (and their sky-high customer service expectations) and an ever-changing regulatory landscape in which today’s compliance could very well be tomorrow’s cyberattack liability. In these circumstances, any infrastructure instability makes an institution easier prey.
How does a data breach occur?
Most banking data breaches can be attributed to hacking or malware attacks. Other breach methods include an unintentional insider leak, payment card skimming, and the loss or theft of a personal device, such as a company laptop. Attacks leading to a breach can take one of two forms: network or social.
In a network attack, the cybercriminal exploits weaknesses in the target’s infrastructure. This type of attack may include, but is not limited to:
SQL injection: an attack in which malicious code is inserted into a database query in order to gain access to sensitive information
Vulnerability exploitation: a hacker finds a software vulnerability or security flaw and uses an “exploit,” a piece of code written to take advantage of it
Session hijacking: a hacker gains access to a user’s PII, and to a network, by disguising themselves as an authenticated user
In a social attack, the hacker uses social engineering tactics to infiltrate the target network, and this tactic often takes the form of a highly targeted spear phishing email. The email “phishes” for information from the employee, and by fooling them into exposing proprietary company information, provides the attacker with access to protected data via, for instance, the recipient’s login credentials.
A spear phishing email can also include a malware attachment set to execute when downloaded. According to IBM’s 2022 Cost of a Data Breach Report, the use of stolen or compromised credentials remains the most common cause of a data breach and served as the form of attack in approximately 20% of all 2022 breaches.¹
How to ensure your bank's data security
1. Educate your employees
External criminal agents are not the only cybersecurity threats organizations face; companies must also contend with their own “human touch” processes. The World Economic Forum Global Cybersecurity Outlook 2022 points out that a staggering 95% of data breaches are due to human error.²
How can financial institutions reduce the kind of human error, along with accidental information mismanagement, that can compromise data security and with it, lead to significant penalties, customer loss, and brand damage? By educating employees, fostering a security culture, and building processes that help eliminate the likelihood of human error.
There’s a reason that phishing and social engineering are as prevalent as they are — they work. This year, 82% of data breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike.³
2. Maintain a robust tech team
Another challenge for financial institutions is the shortage of IT professionals.
“Over the past few years, one issue has remained prevalent and is expected to continue: a cybersecurity manpower shortage and talent gap. This is becoming a more recognizable problem as companies come to grips with the reality of cyberattacks, crime, and the havoc they’re bringing on their victims.”⁴
In response, organizations are seeking to bolster their data breach prevention strategies by not only strengthening their cybersecurity solutions, but also augmenting their IT teams through partnerships with managed cybersecurity services companies.
3. Close shadow IT doorways
Today’s financial institutions’ agile infrastructure hinges upon a hybrid workforce across various locations. From a data management standpoint, each of these locations and users constitutes an endpoint, with each endpoint serving as a “doorway” through which employees access corporate data. These endpoints also weaken a bank's efforts toward data breach prevention by providing doorways through which bad actors can enter their network.
Faced with a virtual office environment, an onslaught of lean, new, neo-bank competitors, and “pandemic-transformed” consumers with an appetite for instant gratification, banks turned to Shadow IT cloud and SaaS solutions, such as DropBox® and OneDrive.™ These were intended to help a virtual workforce communicate, organize, and stay productive, which they have. However, the unintended consequence is that these Shadow IT devices, applications, and technologies also create endpoints that expose the bank’s data to even greater security and compliance risks.
The IBM Ponemon Institute’s Third Annual Study on the State of Endpoint Security Risk reveals that organizations are making little progress in reducing their endpoint security risk, especially against new and unknown threats. Financial institutions continue to enable the storage of non-public information on endpoints, which are often protected by legacy technology. In fact, in this year’s research, 68% of respondents report their company experienced one or more endpoint attacks that successfully compromised data assets over the past 12 months.⁵
4. Monitor third-party vendors
Compromised third-party vendors account for more than 60% of data breach events. It's imperative that financial institutions perform vendor network risk assessments regularly to identify any vulnerabilities in cybersecurity frameworks.
5. Implement AI-powered security solutions
As cyberattacks grow in volume and complexity, organizations are enhancing their tech stacks with AI/ML-driven solutions. For many institutions, AI (Artificial Intelligence) and ML (Machine Learning) now play an increasingly critical role in securing data by improving detection of, protection against, and response time to a cyberthreat. The reason is simple: AI-driven security and automation technologies can either augment or supplant the “human-in-the-loop” component in identifying and containing an intrusion attempt.
In the instance of a network session, where a hijack can lead to a data breach, AI/ML-driven solutions can provide valuable insights into a user’s identity. By supplementing the human verification process with behavioral biometrics and evaluating the network user's level of risk, additional verification steps can be taken if needed.
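A rule-based stand-in for the risk evaluation described above, added here as an example and not taken from the article or any vendor product. The signal names, weights, and thresholds are assumptions; an AI/ML-driven system would learn them from data instead of hard-coding them.

```python
import ipaddress
from dataclasses import dataclass

# Weights and thresholds are illustrative assumptions, not vendor values.
STEP_UP_AT, TERMINATE_AT = 40, 80

@dataclass
class Baseline:
    """Signals recorded when the user authenticated."""
    network: str        # client network seen at login
    user_agent: str
    device_id: str
    mean_key_ms: float  # typing cadence: mean inter-keystroke interval
    std_key_ms: float

@dataclass
class Request:
    ip: str
    user_agent: str
    device_id: str
    key_ms: float

def risk_score(base: Baseline, req: Request) -> int:
    """Add up how far this request drifts from the session's baseline."""
    score = 0
    if ipaddress.ip_address(req.ip) not in ipaddress.ip_network(base.network):
        score += 30
    if req.user_agent != base.user_agent:
        score += 20
    if req.device_id != base.device_id:
        score += 40
    # Behavioral signal: flag cadence more than 3 standard deviations off.
    if base.std_key_ms > 0 and abs(req.key_ms - base.mean_key_ms) / base.std_key_ms > 3:
        score += 30
    return score

def decide(base: Baseline, req: Request) -> str:
    """Map the score to allow, step-up verification, or session termination."""
    score = risk_score(base, req)
    if score >= TERMINATE_AT:
        return "terminate"
    return "step_up" if score >= STEP_UP_AT else "allow"

# Constructed sample data (documentation IP ranges, made-up identifiers).
BASE = Baseline("203.0.113.0/24", "ExampleBrowser/1.0", "dev-A", 180.0, 25.0)
SAME = Request("203.0.113.44", "ExampleBrowser/1.0", "dev-A", 190.0)
ROAMED = Request("198.51.100.7", "ExampleBrowser/1.0", "dev-A", 400.0)
REPLAYED = Request("198.51.100.7", "OtherClient/2.0", "dev-B", 185.0)
```

Here the same session token arriving from a new network with unfamiliar typing cadence triggers step-up verification, while a token presented from a different device, client, and network ends the session.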
In the event of a successful attack, AI-powered solutions can significantly reduce identification and containment times, both of which cause costly downtime. In fact, organizations with fully deployed security AI and automation took an average of 181 days to identify and 68 days to contain the data breach, for a total lifecycle of 249 days. By comparison, organizations with no security AI and automation took an average of 235 days to identify and 88 days to contain the breach for a total lifecycle of 323 days (a difference of 74 days).⁶
Learn about the top priorities, technologies and challenges in banking and investment services for 2023 in this Gartner® infographic.*
6. When it’s not enough, Zero Trust
Many organizations already have traditional security solutions in place, such as e-mail scanners, corporate firewalls, web gateways, EDR (Endpoint Detection and Response), and XDR (Extended Detection and Response). But, with the increased sophistication of cyberattacks, these protections simply are not enough.
While they prevent known malware threats, traditional solutions struggle to detect new malware strains. The solution? A Zero Trust approach in which your traditional “prevention” solution is augmented by a post-breach one. Sometimes referred to as perimeter-less security, Zero Trust is a security framework where every user or device must be authenticated and validated before gaining access to any business system, application, or asset. Driven by AI, endpoint detection and response tools can proactively block and isolate malware and ransomware threats.
The numbers prove that Zero Trust works. For organizations with Zero Trust deployed, the average cost of a data breach was $4.15 million, while organizations without Zero Trust experienced average costs of $5.10 million. That’s a difference of nearly $1 million and a savings of 20.5%.¹
The newest layer of data security - ransomware containment
RansomCare, powered by BullWall, provides multi-layered security to protect your business from threats, halting a ransomware attack as soon as it’s detected. It features a simple deployment, easy maintenance, real-time reporting, and more. All with zero impact on network performance and minimal demands on an already stretched IT department.
*Gartner, Infographic: Top Priorities, Technologies and Challenges in Banking and Investment Services for 2023, 17 October 2022, Nicole Sturgill, Pete Redshaw. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.