Where a Breach Happens: Threats to Financial Institutions

by Sarah Harvey / May 14th, 2019

Securing Financial Institutions

Every business has an asset that they can’t bear to lose, and for financial institutions, those assets include money, financial information about consumers, and consumers’ personal data. Financial institutions need personal data in order to verify financial information and protecting all of that data is a responsibility. In this white paper, we’ll discuss four major areas of concern that financial institutions must take into consideration when securing their sensitive assets: ATMs, mobile and web applications, employees, and buildings.

Threats to the Outside of Financial Institutions

ATMs, mobile applications, and web applications all pose major threats to financial institutions. ATMs are vulnerable by nature. They are physical, they are left unattended more often than not, they have what a hacker wants, and they’re connected to a network. Older machines or ones that are stand-alone are typically easier targets, as there are less eyes on them and security measures may not be up-to-date. Banks and ATM providers have come up with physical ways to protect against and detect card skimming, but there are still ample ways for an ATM to be attacked. In fact, we see hackers turning to malware for a more damaging attack vector.

Likewise, today’s technology allows for convenience when banking, trading, insuring, or seeking advice on wealth management. Consumers can typically access their financial information at any time through mobile and web applications. When using a mobile app, the device’s attack surface is huge: the browser, the system, the phone itself, and the apps could all be targeted. When using a mobile or wireless app, the network is susceptible to weak encryption, Man-in-the-Middle attacks, packet sniffing, and more.

No matter how secure you believe your mobile or web app is, it needs to follow the guidance of frameworks and regulations like ISO 27000, FFIEC, SEC NIST, and NY CRR 500. Implementing these industry-accepted best practices will help financial institutions to secure mobile and web apps across devices, networks, data, applications, and user access.