For cybercriminals, targeting the banking industry with phishing emails may provide a relatively easy path to a major payday.
Regardless of where your financial institution currently stands in regard to security, being prepared for phishing attacks is crucial. In this blog, you'll learn about the state of banks and phishing, as well as technical safeguards for protection.
Banks and Phishing: Is it More than Just Security?
When examined on an industry basis, is the surge of phishing attacks on banks due to poor security and awareness, or is it related to the sheer volume of attacks? Some studies indicate banks may be unfairly targeted.
Symantec researchers believe banks are likely to remain among the most-targeted businesses in the years to come. In 2015, Verizon reported that cybersecurity incidents in financial services followed a few common patterns—just three types of cybercrime made up 88% of attacks on "banks, insurance firms, brokers, and credit unions." Their Financial Data Breach Investigations Report indicated that in this industry, 30% of phishing messages were opened and 12% of email recipients clicked on malicious links.
How Do I Protect My Bank from Phishing Attacks with Technology?
There's a great deal of attention paid to the human aspects of phishing prevention. Organizations are investing heavily in both awareness and simulation to keep their people prepared.
Humans make mistakes. When coupled with the increased social engineering behind phishing messages, even knowledgeable and well-trained staff could click on malware-ridden links in an email from a cybercriminal.
Technical controls are a necessity for bank information security teams in the ongoing fight against phishing attacks. Join us as we review the technical safeguards that can protect your organization from smart cybercriminals, and why they matter.
1. Anti-Malware
Anti-malware, antivirus, and similar technical barriers are not the only tools necessary to protect your organization against cybercriminals, especially given the surge of zero-day and advanced persistent threats. However, they are important baseline considerations for protection against viruses, Trojans, worms, spyware, rootkits, and other forms of malware.
Anti-malware and antivirus software are required for regulatory compliance in many cases and can also prevent the spread of viruses that fit existing patterns in your financial organization.
2. App and OS Patching
Patching is not strictly correlated with phishing prevention for financial institutions. However, it is important for both basic protection and compliance with various regulatory requirements. Prioritizing regular patch updates to applications can reduce vulnerabilities for a wide array of criminal attacks, as well as provide some protection against the potential damages you could face when phishing builds inroads into your company's network.
3. Smarter spam filters
Can spam filters prevent spear phishing? It depends. While even the most basic, out-of-the-box spam filter solution can filter out some of the more obvious royal funding requests, spam filter technology hasn't fully caught up with spear phishing criminals.
Many spam filters rely on existing blacklists, measures of sender credibility (or sender score), and clear spam indicators to redirect messages away from inboxes. Since spear phishing and whaling attacks on banks may appear extremely credible, there's a chance they may not be intercepted.
Banks can improve their protection against malicious messages by using a customized spam filter or dedicated email protection program. Programs with the capability for advanced email scanning or limiting attachment types to exclude .exe and scripts can limit malicious messages. While spam filter technology is not in a place to act as an organization's sole protection against phishing attacks, it can offer some benefits in the fight.
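The attachment-type restriction described above can be sketched as follows. This is an added example, not code from any particular mail product; the extension blocklist, the function names, and the sample message are assumptions constructed for illustration. It also checks the file header, so an executable renamed to a harmless-looking extension is still caught.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist for illustration: executable and script file types.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                      ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}

def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        name = name.strip().rstrip(". ")
        # Only the last extension decides how the file is opened.
        ext = PurePosixPath(name.lower()).suffix
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, f"blocked extension {ext}"))
        elif payload[:2] == b"MZ":  # DOS/PE header of a Windows executable
            findings.append((name, "executable header behind another extension"))
    return findings

def build_sample() -> bytes:
    """Constructed sample message; addresses, names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "teller@bank.example"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application",
                       subtype="octet-stream", filename="Update.EXE.")
    msg.add_attachment("WScript.Echo(1);", subtype="plain",
                       filename="statement.pdf.js")
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in blocked_attachments(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```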
4. File integrity monitoring software
If your awareness training, spam filters, and all else fail, what comes next? Is a financial institution doomed to suffer devastating financial loss from ransomware or zero-day malware delivered in a phishing email?
Certain forms of file integrity monitoring software can act as a highly-effective, final barrier against cybercrime for financial institutions. By investing in agent-based file integrity monitoring solutions, you have the ability to identify and isolate the aftermath of a phishing attack before it's too late.
File Integrity Monitoring for Phishing Protection in the Finance Industry
CimTrak is the only file integrity monitoring solution offering security professionals at banks and financial institutions the ability to stop phishing attacks in their tracks, with full negative change remediation. With the ability to receive real-time alerts on your entire network from a centralized management portal, administrators can take action the minute a malicious file is opened.
To learn more about File Integrity Monitoring, download the Definitive Guide to File Integrity Monitoring today.
Tags: Cybersecurity
October 27, 2016