Blog

By Adolph Barclift, Chief Information Security Officer at Five Star Bank

According to IBM’s Cost of a Data Breach 2021 report, the average cost of a major cybersecurity incident to a business or organization is more than $4 million.

That’s a staggering number, but it puts the importance of information security for businesses and organizations under the spotlight—and attached to blaring sirens and alarms—that this problem deserves. In my more than 20 years as a cybersecurity professional, I’ve seen the banking industry become a prime target for external threats such as credential-stuffing, phishing, and ransomware attacks. Digital banking and banking as a service (BaaS) initiatives have greatly increased the attack surface of foreign investing funds (or FII), and are now facing threats that are often interconnected—and will persist for the foreseeable future.

But as a whole, properly managing information security is about making connections between various events to see the relationships. To do this, you need to understand the threats, how they can become interconnected, and how this interconnection could wreak havoc on your business or organization.

Here is an exploration of main threats commonly encountered, and why defending against each should be made a priority for your operations.

Ransomware

Devised as detrimental software to block access to a computer system and elicit a financial ransom from those affected, ransomware continues to act as an effective tool for informational security disruption. These malware maneuvers doubled from 2020 to 2021, and for banks specifically, attacks on partners pose nearly the same risk (from a data export perspective) as an in-person attack on the bank itself.

Over the years, the use of ransomware has gained popularity by perpetrators because of the ease of purchase, use, low cost, and generation of desired payout. According to a recent data breach investigation report from Verizon, these attacks represent 64% of all malware incidents reported. Virtually anyone can initiate a ransomware attack that could pay for itself in a single attempt if they can obtain valid access to a victim’s operating system—which is typically done via the next theat.

Phishing

Phishing attacks—typically through SMS or email—are generated to gain an entry point into the organization, compromise the credentials of both the target and those who the target interacts with, and are the root of all evil as it relates to cybersecurity risks.  The reason is simple; it’s far easier to exploit a person and capture data than it is to exploit a hardened operating system on a physical device.  This is often done by impersonating a senior official within an organization (such as the CEO or CAO), a trusted vendor, or customer.

A recent report in the New York Times revealed more than 11 billion scam texts were sent in March 2022 alone; and these messages are simple to produce and cheap to deliver at a scale that makes them extremely effective. And unfortunately, attacks are becoming easier and more effective, thanks to the growth of AI-as-a-Service (AIaaS). This makes the need for vigilant defense and awareness more vital than ever.

Compromised Credentials

From effective phishing expeditions comes employees with compromised credentials, and presents yet another imperative cybersecurity risk.

As detailed above, compromised credentials are the launch point for cyber-attacks. It’s the basis by which most malicious activities occur, including scanning of file shares, new account creation, payroll, and access to other systems. Customers or members whose personal and payment information is accessed poses a dual threat to the businesses and organizations infiltrated by phishing perpetrators, compromising the individuals and the company.

In all cases, the objective is to move up the information value chain to access higher-value assets. But with more than 290 million victims of these attacks in 2021 alone, it’s a problem that threatens everyone, regardless of position or affluence.

Shortage of Cybersecurity Skills

Cybersecurity roles in any organization require a unique combination of skills, including knowledge of computer architectures, understanding of computer operating systems and their administration, and an expert familiarity with networking, email, and messaging formats.

These skills are critical in banks, specifically—but unfortunately, individuals who boast these skills are currently at a premium. According to a recent report by cybersecurity firm Trellix, nearly a third of the cybersecurity workforce is planning to leave the industry in the near future, creating a dearth of needed professionals as the threat of attacks becomes more sophisticated and grows at a frightening rate. That same report detailed that 85% of polled organizations claimed a workforce shortage is impacting their ability to secure their IT systems and networks.

Globally, there are 3.5 million unfilled cybersecurity jobs, with about half a million unfilled in the U.S. This problem can’t be alleviated overnight, but training and recruitment for these positions needs to be addressed as urgently as any cybersecurity threat.

About the Author

Adolph Barclift joined Five Star Bank as its Chief Information Security Officer (CISO) in 2020, and now serves as subject matter expert responsible for the development and delivery of a comprehensive information and cybersecurity program protecting the bank’s assets, employees, and customers.