Why community banks, credit unions must address security risks

[humble3d]

Why community banks, credit unions must address security risks

Large financial institutions have big budgets to repel hackers and cyber scammers. But thousands of smaller banks and credit unions serving communities all across the nation don’t have that luxury.

ThirdCertainty recently sat down with Ross Hogan, Kaspersky Lab’s Global Head of Fraud Prevention, to discuss what smaller financial institutions are up against.

3C: How would you frame the cybersecurity threats faced by smaller financial institutions?

Hogan: Fraudsters are going to go where the money is. For several years now they’ve been attacking the customers at smaller banks, and that activity is still definitely alive and well. We’re seeing variations of classic attacks. And we’re anticipating this will inevitably extend to the mobile banking products banks of all sizes are moving to roll out.

March 17 Webinar: Strengthening Data Security for Depositors

3C: What are some of the typical attacks occurring on a daily basis?

Hogan: We’re still seeing transaction tampering, whether that be modifying the transaction or hijacking the transaction via a man-in-the-browser type attack. Phishing scams are alive and well. Fraudsters will use any technique available to them in order to access customer credentials. Once they have those credentials, they can do any number of things.

Ross Hogan

3C: So online banking patrons continue to be viewed as attractive targets?

Hogan: Absolutely and especially on a global basis. In markets like Latin-America and the Middle East it’s rampant. Meanwhile, the daily bread and butter sort of attacks against end users has been somewhat mitigated in the U.S. It is definitely still happening, though not with the same frequency as five years ago.

3C: Could this be the lull before the mobile banking storm?

Hogan: We’re anticipating an upward trend of attacks as banking goes mobile. Banks haven’t quite yet rolled out all the functionalities that will make mobile banking very attractive because they’re somewhat scared of security. On the other hand, younger consumers are more dependent on mobile than ever, so banks are going to have to follow suit and meet the demands of the younger generation. And as that starts to happen, we’ll see a new wave of attacks.

3C: Security-wise, what should smaller banks and credit unions focus on in this environment?

Hogan: Banks are a service organization. The smaller you get, the more important service becomes. You form close relationships with your customers. Fraud prevention becomes vital, because if you jeopardize that relationship, the damage can really be irreparable. The customer will choose to go elsewhere.

Smaller banks really have to look hard at protecting their environments. There are many different options. Security can be built into mobile applications, for instance. You can go out and purchase security systems to really enhance your security posture, and establish customer trust.

3C: How effective are the typical defenses now in use?

Hogan: Two-factor authentication has been around and in some regions it is being pushed as more of a regulation. That said, there are ways to get around two-factor authentication techniques. When using any sort of authentication method, you have to make sure the customer is using a clean device.

Most of the endpoint fraud prevention solutions are going to have malware detection and some will have malware remediation. Some will have phishing protection and the good ones will have other layers of protection.

3C: Overall, how effectively are smaller banks and credit unions addressing cyber threats?

Hogan: Unfortunately a lot of action is motivated by regulation. The smarter ones are going through evaluation processes and some have actually gone so far as to implement some of the things that we’ve talked about.

Others just simply aren’t sophisticated enough to know what tools they have at their disposal. Experts are readily available to help them assess risk and formulate a risk strategy. Security consultants can help them understand and weigh their options.

Each institution is going to have a different risk appetite and decide on different technology and defense strategies. Consultants can help them make smarter choices about the actions they ultimately decide to take.

http://thirdcertainty.com/best-practices/community-banks-credit-unions-must-address-security-risks/