The banking and financial services industries have always been one of the primary targets for high-profile attacks. The motivation is blatantly obvious – to cripple an institution’s website, steal critical customer data and, of course, for reap the financial benefits. Recent attacks, such as Yummba and Zeus, have only reinforced the notion that malware and DDoS developers have a keen interest in the industry – and this does not just include the large, global institutions, this includes smaller banks and credit unions, too.

The fallout from these attacks is significant, and clashes with the ultimate goal for any financial institution: To provide a convenient experience that instills trust and encourages long-term customer loyalty. According to Financial Publishing Services, data shows that banks are losing customers at an average of 12.5 percent each year – for reasons that include poor customer experiences and poor security. This is an alarming statistic, especially for credit unions that are working within small geographic locations and have more to lose.

Financial institutions have made strides in recent years to provide customers with personalized, easy-to-use sites that are optimized for all browsers and devices. Of course, that is a necessity when it comes to providing a better, positive customer experience, but it must not come at the expense of the security needs that the industry demands. There needs to be a balance between user-friendliness and security that can satisfy both the financial institution and the customer.

In order for banks and financial institutions to accomplish and achieve the customer experience trifecta of convenience, trust and loyalty, security must be a top priority and carefully incorporated into the customer experience strategy. And for that strategy to be effective, banks and financial institutions first need to be aware of what they’re up against.

Today, we are seeing a number of different attacks impacting the network.

IT administrators, whether at a large institution or small credit union, need to know how to protect against and have plans in place for the following threats:

Distributed Denial of Service (DDoS) attacks: DDoS attacks are quite possibly the most common attack method that the financial services industry needs to protect against. DDoS attacks occur when an attacker exploits the network by flooding a target and forcing it to shut down – thereby denying service to the legitimate users, or in this case, the financial institution’s customer. A DDoS attack can be used by the attacker as a distraction to position malicious malware and exfiltrate sensitive data while the IT administrator is working to get the site back up and running.

Short-duration, probing attacks: These attacks are very common and can be detrimental for financial institutions when it comes to protecting customer data. In these scenarios, attackers will attempt to gain access to the network through the weakest point in the system. While inside, attackers can collect and steal valuable information and plan for a much larger attack – possibly a DDoS attack that will overwhelm and bring down the site.

IT administrators working with financial institutions need to be vigilant and quick to add defensive rules that can limit this malicious traffic – such as implementing policies that can limit the exposure to and protect customer data.

Multi-vector attacks:  A multi-vector attack is an attack that also leverages the “weakest” part of a network – often times stemming from poor internal security posture or a threat embedded inside an application. These attacks are challenging to mitigate because they involve a combination of simultaneous attack tactics ranging from volumetric to application layer attacks. They are also tailored carefully to bypass most firewalls and anti-virus software.

To thwart multi-vector attacks, organizations need to quickly evaluate the threat to each vector and simultaneously work to mitigate by prioritizing – meaning curing the threat that has the most estimated impact first. Because financial institutions work with customer finances and critical data, that distinction can be a difficult one to make, but it is imperative to have the processes in place in order to mitigate risks.

At the end of the day, protecting a network boils down to three simple, yet critical, variables: Preparedness, skill and technology. Working closely with your vendors and security team during “peace time” to ensure that you are fully prepared for an attack scenario is crucial. Being prepared for every scenario is imperative – whether it be figuring out the best, most appropriate product configuration or determining what needs to happen in the event of a “fire drill.” During an attack situation, financial institutions need to be proactive – finding the best, scalable and cutting edge technology that is capable of staying one step ahead of the attackers and optimized to offer the best, most secure experiences for the end customer.

After all, isn’t that what they mean when they say “convenient banking?”

Mani Sundaram is vice president, global services at Akamai Technologies. 

 

NOT FOR REPRINT

© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more inforrmation visit Asset & Logo Licensing.