Cyber crime in financial institutions

- Crispin Kerr, Webroot Managing Director APAC

What is cyber crime?

There are a number of different ways that criminals are trying to target financial institutions. There are social engineering exploits, which is when an end-user gets an email claiming to be from their bank, but it’s really a cyber criminal. Within that email there is a link asking the end-user to confirm their account information. Cyber criminals then leverage the credentials to gain access to the user’s financial records and banking accounts. Malware is another piece to it, where criminals distribute malicious software and a user is tricked into installing a keylogger or screen scraper program on their device. This means that when an end-user enters their credentials, the program can capture all that information, allowing criminals to gain access to the account.

How do cyber criminals attack financial institutions directly?

We’ve been seeing some very targeted threats towards financial institutions through spear phishing attacks. What this does is target someone that is working for that financial institution. The user is then tricked into clicking on a link and malicious software is downloaded. It then lies dormant and is able to capture information within the actual organisation itself, and send that information to third parties elsewhere in the world.

Has cyber crime been on the rise?

Absolutely, it’s on the rise. We are seeing more and more malware on a daily basis. We see about 120 million new types of malware per month, right now. Cyber crime is more organised than ever before and more than 50% of attacks now focus exclusively on financial and e-commerce services. The attack vectors are many, from phishing emails to telephone-based scams that impersonate the targeted institution.

Why do you think cyber crime is on the rise?

I think the usage of things like mobile and Internet banking has exploded, and so from a cyber criminal perspective, they obviously have a very good understanding about the activities that users are engaging in. That’s definitely caught their eye. They are seeing that more and more transactions are taking place on mobile devices and over the Internet, and so there are more opportunities to infiltrate and gain access.

How should financial institutions protect themselves and users?

Cyber crime is definitely becoming tougher to detect. Cyber criminals are trying to stay ahead of the game by coming up with different methods to prevent detection – and that’s definitely going to continue. The more advanced criminals are getting, the more advanced solutions like ours need to be as well. Our Webroot SecureAnywhere endpoint protection and security intelligence services are aimed at doing things in a different way through a cloud-based model. We have all the power behind our solution residing in the cloud, which allows us to analyse downloaded files in real time and determine if a particular item has malicious data. This differs from the traditional signature-based model, when clients needed to constantly update their software and run scans to be protected.

What other ways can financial institutions protect themselves from cyber crime? (for example, through education, vigilance, etc.)

Both corporate-owned and personal devices should have secure passwords and screen locks; financial institutions should document this requirement in their security policies. In addition, they should also require that personal and corporate mobile devices maintain up-to-date, corporate-approved (and preferably corporate-managed) security software installed to guard against malware and other security risks.

Should financial institutions give staff training on cyber crime?

Security training will keep your workforce productive and prepared to be the first line of defense against malware, data breaches and other security threats to your network and their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.
