What Can Banks Do to Protect Data from Future Cyber Attacks
Putting our hard-earned money in the bank is a great idea, isn't it? All of your cash in one place, locked in a vault. You can make all the financial transactions you want with just a payment card. Convenient and also secure, because it can't get safer than a bank, right? Well, you'd think so but nothing is ever truly 100% safe, especially when it comes to large amounts of money.
Banks aren't invulnerable. Yes, they put a lot of effort into their digital security but they can be hacked. It has happened many times in the past to even the biggest and most reputable banks. Take the recent wave of ransomware attacks for example. These malware attacks target individuals or small businesses mostly but imagine if they got organized themselves and shifted their focus to something bigger. Imagine a well-funded international online terror organization or even a rival country were to attack a bank, instead of looking for money they want to spread chaos? They could destroy their databases and "erase" our money.
Think of the havoc that would come about, if just one large bank was crippled in such a way. The chaos would be overpowering. A coordinated strike against multiple major banks could cripple society. Fortunately, such scenarios are only seen in Hollywood movies right now, but with over 45% of all monetary transactions in the United States are digitized it's not unreasonable to think hackers would turn their attention to the banks. Other countries have even higher numbers of digitized transactions, like Denmark with over 90% of all monetary transactions being entirely digital.
In fact, Denmark's National Bank reps commented this saying "A cyber attack at a systemically important bank, mortgage bank or central infrastructure company that seriously affects the availability of systems or the integrity of data may rapidly impact on the entire financial system in Denmark."
You may think banks are all but impregnable, but in reality, they're just as vulnerable as anything else. Positive Technologies published a report, which was detailed in Computer Weekly and according to it, banks are just as exposed as any other institution to online hacking attempts, maybe even more so. The hackers' usual venue of attack is through phishing scams currently, but that may change in the future.
The report shows worrying statistics. According to them, "employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form."
Interestingly, the banks have developed extensive recovery methods in case of natural disasters like flood, fire, earthquakes, or human errors, but they're not quite prepared to deal with elaborate hacks and cyber attacks.
How can banks protect their data and our money
There's no easy answer to this question. They already spend huge amounts of money on the latest anti-malware defenses, over three times the amount non-financial institutions spend, in fact, according to Kaspersky Lab and B2B International
The banks also make sure to make backups of their financial data. Some of them are created automatically at certain intervals of time, others when the data is created. The banks also store their data both locally and on cloud storage for maximum security.
However, what if a group of malicious hackers was to gain the credentials to the storage system of a crucial database? The attackers could manage to not just corrupt or delete that information, but they might also compromise or simply delete all the copies of the data. Of course, banks usually have offline recovery systems, such as tape backups, but those take a certain amount of time to upload. Another problem is that those probably don't have the latest transactions, digital or otherwise. Attacks like that can cost banks hundreds of millions, if not billions. Even a major bank could fold under such conditions. So if hackers can destroy backups as easily as the original data what can the banks do to stop them?
One simple solution is to remove their ability to corrupt the data. Stealing storage credentials should not be enough to allow the hackers to erase irretrievable and crucial system information. There needs to be an extra step before gaining access to such vital data, according to security experts.