On Friday, February 25th, Crowdstrike CEO George Kurtz discussed the state of America’s cybersecurity readiness during an interview with CNBC. He called it “pretty poor,” and added that it was especially concerning considering Russian retaliation could come in the form of “painful and finely tuned” attacks.
Kurtz said, “I see a lot of banks who are very concerned about what might happen.” He added, “They [should] be concerned too. There’s going to be some pretty substantial changes here. It’s not going to go away any time soon. It’s a new paradigm for banks.”
And when banks are impacted, the economy and business in which they operate can be negatively affected.
Cybersecurity In Big Banks Vs Small Banks
Despite the heavy focus on cyber security, banks with resources have the technology to beef up their defenses. Smaller banks might not have the resources to institute a new system so quickly or be able to afford it. These slow responses leave small-banks at great risk. It is not just 2018, but every day in 2018 brings new threats from cyber attacks that could seriously endanger cashless transactions and mobile banking further in 2019.
In a recent news report from Trend Micro, although cyber attacks are up again for the first half of 2021, nothing has really changed for the banking industry. A 1,318 percent increase in ransomware attacks have been reported.
Biggest Cybersecurity Threats To Banks
The top security threats are, and still are, ransomware, direct access to your computer remotely as a result of remote work, cyber attacks on the cloud, social engineering and supply chain attacks.
With increased use of artificial intelligence and machine learning, cybersecurity software may actually be making the defenses weaker rather than stronger.
“The true implications of COVID-19’s findings are that digital and mobile customer platforms, which offer quick and instant transactions, leave little time to run customer authentication or verification checks,” said Dr. Jean-Paul Kockelman. “Likewise, the risks associated with KYC and onboarding procedures in the digital era have increased significantly in recent years, causing frustration for financial services firms and their customers.”
Rehak continued that today’s increased need for safety and security has created obstacles in examining the authenticity of a digital interaction. Evaluating the validity of an individual’s identity now involves referencing huge amounts of data from multiple sources – everything from geolocation and session behaviors to data from merchants, bureaus and customer profiles.
In a recent Wall Street Journal article, M&T Bank security chief David Stender said that more expensive tech just means more expensive security. “It needs to be cost-effective security,” he explained, “not security at any cost.”
“Companies are spending too much money on all these technological advancements,” Stender continued. “A lot of companies spend big bucks on artificial intelligence as a way to solve their problems and that’s really not necessary. They would be better off using what they have now.”
Some banks don’t have the budget to spend on AI and hired specialists in cybersecurity and related tools. This is true for those with limited resources, investing in cost-effective measures like regularly installing patches, frequently backing up data and educating employees on password management and phishing attacks, which are often easy ways into a company by attackers.
How To Spend Money On Cybersecurity
“Spending money on cybersecurity awareness makes sense,” according to Steven D’Alfonso, a research director at IDC Financial Insights. Some of the banks I work with do cybersecurity awareness training, but he thinks smaller banks don’t try to focus on phishing tests and teaching people how to identify bad links.
And while D’Alfonso doesn’t dismiss AI outright, he agrees with Stender that small and mid-sized banks will not fully benefit from it unless they first agree on a security budget and a detailed risk management plan. Once those are in place, as this insightful article notes, banks can implement a series of solutions such as working with MSPs to fill talent gaps and identify/address security gaps, enhancing the security awareness of both employees and customers, using high-tech tools to help thwart attacks.
Communication is critical in banks and other financial institutions when it comes to maintaining cybersecurity. Organizations should have their own appropriate internal communications strategies in place to ensure that employees know their responsibilities in keeping secure data, reporting possible breaches, and be aware of new threats. Financial institutions also need resources and tools to deliver the information in an engaging way.
