MIDSIZED U.S. BANKS: KEEPING DETECTION & RESPONSE COSTS DOWN WHILE IMPROVING SECURITY
Midsized banks in the United States understand the importance of staying up to date with customer preferences and technology and security trends. Whether they are a household brand or a local hero, these institutions must protect their customers’ assets and serve their communities with a fraction of the resources of larger institutions. And smaller businesses are often regarded as being less secure than big players by customers; a survey by KPMG found that 60% of consumers felt smaller businesses lacked the cyber security of larger organizations.
Steady innovations in both banking products and technology also mean that bank robberies are going online. After all, why run through the doors of a branch with a mask when you can do the same at far less risk from the comfort of a couch? In 2019, according to Insights, over a quarter of malware attacks targeted financial sector organizations. In the first quarter of 2019 alone, there was a 212% increase in compromised credit cards, a 129% increase in credential leaks, and a 102% increase in malicious applications, including fraudulent banking applications.
The best way to protect customers, staff, assets and reputation has changed – and banks need new resources to adjust and match this evolution.
Your institution’s attack surface will increase
From the attacker’s perspective, cyber-enabled crime, be it fraud, theft or money laundering, is cheaper, carries lower risk and yet has the same, if not better, potential for reward than “traditional” methods. As banks introduce more products and channels in a bid to grow, cut physical locations or compete, so will their attack surface increase.
Banks no longer have a single front door for each branch, leading to a single vault, and the number of doors is increasing as banks add new services. Taking the long view, customers have gone from using a single bank book in a single branch to multiple branches, credit and debit cards, ATMs and phone banking through to internet banking and mobile apps. Midsize institutions must now consider the security on systems owned or controlled by customers and suppliers, and the data and access their systems hold on to. Interconnectedness on the system side – payment platforms, interbank transfer systems and the like – have also meant that an attack on one of these systems can have repercussions across entire economies and sectors.
Is there some good news amid all of this?
Absolutely. Many attacks are a long way from Hollywood portrayals. It’s highly unlikely that most banks will ever be targeted by nation states in search of cold hard cash. The motivations of attackers remain the same, even if the techniques have changed with the times. And communicating the measures taken and investment made in cyber security to customers and regulators can help defend your hard-won reputation. It is, however, something you can’t do alone. You may not have the resources — time, people, budget or expertise — to defend against sophisticated cyber attacks, but we do. Our Managed Detection and Response service, Countercept, can help you and your organization identify and respond to cyber attacks. Our fast and flexible service, Countercept Rapid, can be up and running, defending your bank, within a week with no upfront cost.
We’ve distilled some of our insight into a brief report on the cyber risks midsized U.S. banks face.
As a first step, get the report. If you like what you see, we’ll be hosting a webinar shortly where you can put your questions to our experts directly.