Malware and ransomware are becoming an increasing threat to banks, but preventing such attacks from doing damage doesn’t just mean throwing extra resources at the problem.
For community banks, resources are already stretched thin so If they are going to properly build up their defenses, many will need to rethink their overall approaches to cybersecurity.
Take the $226 million-asset Citizens Bank of Kansas in Kingman. The bank’s small IT staff was spending a considerable amount of time reimaging its machines — that is the process of wiping a computer clean after it has been infected and installing a new operating system. The bank had no centralized security management system, so IT staffers had to physically manage each computer on its own, said Brian Gentry, Citizens' chief technology officer. But the bank knew that system of essentially going from fire to fire was not effective.
“If we didn’t do anything, the bank and its data would be more at risk,” Gentry said. “We looked for the next step of protection for our devices and our network.”
About 13 months ago the bank purchased cloud-based security solutions from Comodo, a technology vendor in Clifton, N.J. Now the bank a centralized security dashboard that issues daily reports and instant alerts on potential threats the bank’s IT staff should be concerned with, Gentry said.
“Any time we can more efficiently utilize staff, we are pleased to do so,” he said. The new centralized platform “has allowed us to spend only a minimal amount of time [at the endpoint] managing malware and data exfiltration issues,” he added.
This is especially important for smaller banks that have to do “more with less,” said Comodo’s vice president of product marketing, Todd Thiemann.
A remote monitoring and management functionality also allows Gentry and his staff to troubleshoot machines at the bank’s six branches from one location.
“It saves time, money and resources to resolve endpoint issues quickly and without having to physically touch an affected endpoint,” Gentry said.
One critical aspect of the new technology, Gentry said, is a “gateway security” function that prevents malware from infecting devices by allowing known good files to run unfettered, blocking known bad files, and running all unknown files in a lightweight virtual container where they can then be further analyzed safely.
“This means that our users are productive and protected even if there are questionable, potentially malicious files, that are somehow downloaded,” Gentry said. “Those unknowns run in containment where they cause no harm. What we used previously was a ‘default allow’ approach that only stopped the known bad but allowed unknown, potentially bad, applications to run.”
This approach is critical as malware targeting banks continues to evolve and becomes more frequent. Indeed, financial services was the most targeted industry by cyberattacks in 2016 after being No. 3 in 2015, according to a report released last week from IBM Security. The report stated that while malware attacks against banks were up globally, the U.S. and the U.K. specifically were the most targeted areas.
Another potentially troubling trend the report found was that cybercriminals are increasingly partnering with local crime syndicates on malware attacks.
“The level of cooperation between organized crime rings marks a significant shift in strategy,” a portion of the report reads. “While the sharing of tools and services was common in forums on the dark web, this deeper collaboration outside that environment demonstrates that to scale globally, deeper cooperation between criminals is required."
In fact, banks are 300 times more likely to be the target of cyberattacks from criminal organizations than any other business, estimates Kevin Murphy, a member of ISACA, an industry association for security professionals, and a cybersecurity, risk and privacy specialist at Royal Bank of Scotland.
“We are really starting to see some sophisticated attacks,” Murphy said. “Not just something that goes from A to B, but malware that sits [in a computer] for four months before becoming active.”
Murphy said banks need to “take a step back” and look at the big picture of dealing with cyberthreats.
“Let’s start by getting back to the basics of security,” he said. “Only run approved applications, disable macros that allow malware on computers, patch applications periodically and annually.”
Line-of-business heads should take cybersecurity seriously, and IT and security personnel should communicate more with the business side, Murphy said.
“You can only protect the business if you understand the business, and you can only understand the business if you talk to individuals who are responsible for it,” he said. “First, you understand the business processes then you build the security controls around that.”