Slideshow Top 5 Security Threats Banks Will Face in 2015

  • December 19 2014, 12:00pm EST
6 Images Total

Large security incidents this year included JPMorgan Chase's August breach affecting 76 million households and seven million small businesses, Home Depot's breach of 56 million card account records it confirmed in September, and the Sony hack discovered in November, in which emails were stolen and hard drives destroyed. Here are some educated guesses about some of the security threats that will crop up next year.

Mobile Banking Is Ripe for Attack

"We're a decade into mobile access to sensitive information and fraudsters have tricks up their sleeves," said Ross Hogan, global head of the fraud prevention division at Kaspersky Lab. "Devices are getting more powerful and user friendly, people are storing more sensitive data on them." A Kaspersky Lab survey of 11,135 consumers worldwide found that 92% of mobile device store sensitive information in their devices, which are vulnerable to phishing and infections.

"No one has security on these devices," Hogan said. "This puts people at great risk. I see this as a mobile landslide."

Content Continues Below

SMS, Malware Strikes on Android Devices Will Continue

More than 3.73 million strains of malware target mobile devices today, many of them Trojans like Svpeng. Most target the Android mobile operating system, points out Lillian Ablon, who is a researcher at the Rand Corporation in Santa Monica. The two main attack vectors are through fraudulent text messages and malicious apps in Google Play, she said. Hackers focus on Android because Apple's walled-garden approach is hard to get malicious apps through, and because Android has the higher market share.

"If you are an actor who wants to go after a system, you'll play the probability game and go after what there's more of in the world," Ablon said. "The goal of these actors in the black markets is to make money for the least amount of effort with the highest probability of success. That means going after the weakest systems and those that have the largest market share."

Business Clients Will Walk if Their Bank Suffers a Breach

Most businesses — 82% — say they would leave a bank if it had a breach, and 74% say they choose a bank based on its reputation for security, according to a survey by Kaspersky Lab. "There's an undercurrent of idealism here, the idea that the financial institution is ultimately responsible," said Ross Hogan, global head of the fraud prevention division at Kaspersky Lab. "The role of the bank is to keep your money secure; when you fail at that, it's an overall failure." Even if the companies don't walk away and just reduce their deposits, that's still an added incentive to be proactive about security.

Payment Breaches Will Surge Ahead of Switch to EMV

Because MasterCard and Visa are pushing retailers to accept EMV chip-and-PIN cards by October 15 (or face greater liability for card-related fraud), there will be continued attacks on retailers' point-of-sale systems early in 2015 that will die down as EMV terminals get deployed, predicts Michael Bruemmer, vice president of data breach resolution at Experian.

"We know, as we saw in Europe, that [EMV] isn't going to be a panacea, because some of the fraud that happened in brick and mortar retailers shifted more online after the full implementation," he said. "But we think because of this transition, there's going to be a race for the hackers to find vulnerabilities both in the magnetic stripe system and new [systems], because this shift has been forecast now for three years. The hackers are getting ahead of it."

Content Continues Below

The Internet of Things Will Create New Vulnerabilities

Gartner expects the Internet of Things — ordinary objects like thermostats, refrigerators and watches that are connected to the Internet — to grow to 26 billion units installed in 2020, an almost 30-fold increase from 0.9 billion in 2009. With more companies looking to leverage the so-called Internet of Things by gathering, storing and processing data from billions of objects and devices, there are more points of vulnerability for this information to be targeted by hackers.

"Whether it's cameras inside your home, your Fitbit, the wifi router in your car, that's all collecting data," said Bruemmer. "Who's to say when you take your car into the shop to check your engine they can't pull data off that router as you were texting or using Internet in your car to deposit money in your bank account? The real issue is the proliferation of data on all these devices."