DailyPost 2740
2024 CYBER SECURITY THREATS FOR BANKS
The banks are one of the most sought-after targets of hackers for quite sometime for the commodity they deal with. Lazarus, the cyber Al-Qaeda, having its origins in North Korea had special affiliation to financial institutions and made its mark all across the globe hacking them. The Bangladesh Bank heist and WannaCry ransomware attack would be remembered for long. Today the cyber criminals are professionalizing further and new threats are on the rise. A breach costs a lot too. As per an IBM 2023 report, finance firms are averaging $5.9 million per data breach.
Third party risks top the cyber security threats in 2024, the reality “that banks don’t know what they don’t know.” Getting data from the third parties is not enough, but is necessary to know the vendors they contract with. In the US interagency guidance on third party risk management is of great value. It can be an excellent place to learn about pen testing and other precautions. “Even when you are doing business with a reputable company, the question is: *“ Who are they doing business with?” The challenge is go down the rabbit hole to know who are your vendors’ vendors.
AI enabled phishing is transforming the landscape as nothing else, making it more and more difficult to catch them. In 2022, phishing attacks were responsible for 41% of the cyber-attacks. Generative AI marks the end of an era of ungrammatical phishing texts and emails with typos and colorful capitalizations. The attacks are turning out to be way more slicker now. Hard to detect deep fake tactics are much easier to pull off. Voicemail phishing is another area of concern and we already find this as an increasing trend. Both employee and customer education are a must.
Ransomware will continue to grab headlines. In Nov. 2023 the American arm of ICBC faced a ransomware attack. It is China’s megabank and is the world’s largest lender by assets. Besides taking ransom, sale of stolen data has become another source of income. They might just come for a second attack too. Some help for financial institutions is available. In Oct, state bank regulators released the 2.0 version of their Ransomware Self-Assessment Tool, or R-SAT, which helps the bankers to identify potential cyber security problems. Being technologically robust apart, cyber insurance has come in handy for institutions, which is become more and more restrictive.
CYBER SECURITY IS A WAR OF ATTRITION, WHERE YOU NEED TO BE ON YOUR TOES ALL THE TIME.
Sanjay Sahay
Have a nice evening.