Bank Data Breaches Are Up And It's An Inside Job

Uploaded on 2017-05-17 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

There have been many high-profile bank breaches in the news of late, and much of the blame has been laid on these institutions' legacy operating systems, and their inability to cope with new forms of cyber-attacks, including breaches.

However, a bigger security flaw may in fact come from another source.

•    Data breaches are on the rise in financial services (FS): More than 200 million financial services records were breached throughout 2016, accounting for a 937% year-over-year (YoY) rise. A breach is defined as an incident in which data is stolen. This is often a double-whammy, as gaining access to transaction data can facilitate financial theft.
•    The financial services industry is unusually hard-hit: FS was the most-attacked industry out of those examined in 2016, these firms were breached 65% more than the average organisation in all other industries in the study.
•    One reason for this targeting could be that cyber criminals are waking up to the extent of banks' lax security faster than the institutions themselves.
•    Human error is FS firms' biggest vulnerability: this sharp rise was caused by cyber criminals targeting the weakest point in FS firms' security, their employees.

For example, breaches can be effected by hitting individual workers' computers with multiple phishing scams to install malware.

Insider involvement accounted for 58% of all breaches in 2016; of these, 53% acted inadvertently, while 5% acted with malicious intent. To limit this damage, banks have to work harder to educate staff about cyber-security, and up their fraud-detection mechanisms.

This suggests that cyber defense has to begin with cultural overhauls, rather than technical ones. That more than half of banks' breaches are caused by employees highlights the futility of their investing in cutting-edge core systems to bolster security without rigorously educating staff and improving governance first.

Arguably, even the best tools are only as good as the employees using them. The pressure to reform will only continue to increase as the General Data Protection Regulation (GDPR) comes into effect, mandating banks to report all breaches within hours, or face fines and penalties.

Open banking is the democratisation of access to data previously exclusively owned by legacy financial institutions.

The open banking trend is being driven by a number of factors and will ultimately become the norm. That means retail banks need to rethink their business and operational models if they want to maintain the positions of dominance in the financial ecosystem.

Sarah Kocianski, senior research analyst for BI Intelligence has compiled a detailed report on open banking that explores the drivers behind open banking in detail, outlines the options for banks as they look to update their business and operational models, and explains the likely potential winners and losers of open banking.

Here are some of the key takeaways:

•    Open banking is most often facilitated by a technology known as Application Program Interfaces (APIs) which have enabled the business models and success of some of the most well-known startups of recent times.
•    There are a number of drivers behind the open banking trend, the most obvious of which is regulation that forces banks to give customers access to their data, or enable permissioned third parties to access their data.
•    Banks adopting open banking are taking a number of different approaches, from just taking the necessary steps to comply with regulation, to actively embracing the concept in an effort to maintain their retail banking dominance.
•    Banks are using different models of open banking, including app stores and sandboxes. Which model, or combination of models, a bank adopts depends on its priorities and the drivers it finds most imperative.
•    Open banking will have a significant impact on fintechs. With access to banks' systems and vast data stores, fintechs will be able to provide more personalised products, while operating with greater autonomy. However, open banking will also increase fintechs' regulatory and cyber-security burdens.

In full, the report:

•    Explains the concept and mechanics of open banking.
•    Outlines the drivers behind its increasing adoption by global retail banks.
•    Highlights the different approaches banks are taking to open banking, and explores the advantages and disadvantages of each.
•    Explores the future of open banking, including its impact on fintechs.

Business Insider:

You Might Also Read: 

Banks Lack Confidence They Can Detect Data Breaches:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

European Privacy Directive: Encryption Without Backdoors:

EU General Data Protection: A Milestone Of The Digital Age:

EU Protects Online Data Quite Differently From The US:

 

 

« Threat Intelligence Starter Resources
UK Proposes Online Surveillance In Real-Time »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.

Sola Security

Sola Security

Sola Security is a cyber security startup company currently in Stealth mode.

Acuvity

Acuvity

Acuvity is the most comprehensive AI security and governance platform for your employees and applications. Secure your GenAI adoption with confidence.