Why Banks Remain So Vulnerable to Cybersecurity Risks — and How to Plug the Leaks

Some basics — like devising the strongest passwords and training and testing against social engineering attacks — should already be in place in your bank. An expert offers more than a dozen advanced steps you should be asking your experts about.

As more regional and community banks attempt to scale up to become more competitive, that growth can challenge their ability to effectively secure all their systems and data. This in turn can create lapses that result in critical cybersecurity issues.

The risks go beyond simple growth. Other factors that can contribute to vulnerabilities include outdated legacy systems and disruption from system integration issues after mergers and acquisitions (M&A).

Another risk: Cybersecurity teams that aren’t big enough to meet today’s threats, or that lack the requisite skills.

Weaknesses that Enable Outside and Inside Threats

Based on feedback from hundreds of penetration tests, Neovera has identified the weaknesses most likely to be exploited by attackers from outside the organization — as well as inside, from those who may already have limited access to the network.

The Top External Attacks:

1. Susceptible Users. Pretexting, phishing or other social engineering tactics can lure users into entering their passwords on a fake website. Another common cause: Running or opening malicious files sent via email.

2. Weak Passwords. Despite years of admonitions about the need for strong passwords, we still commonly see passwords such as “Test1234” or “Summer2024!”. These can be guessed quickly without generating lockout alerts.

3. Email Spoofing or Filter Bypass Vulnerabilities. It is very common for us to see email systems that allow attackers to either spoof or forge an email sender. Some completely bypass an entire security layer, such as a spam filter, due to misconfigurations.

4. Services or Devices Needlessly Exposed. Management logon pages or other services that should be restricted (such as firewalls and routers) are commonly found open to the internet. This leaves them exposed to “zero-day” attacks, so called because defenders have had zero days to patch the vulnerability before it is exploited.
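
A check for the pattern behind the passwords cited in item 2, added here as an example and not part of the original article or Neovera's tooling; the base-word list, the leet mapping and the accepted year window are assumptions:

```python
import re
from datetime import date
from typing import Iterable, Optional

# Constructed starter list of base words a guessing attack tries first; a real check would use
# a far larger list such as a breached-password corpus.
COMMON_BASES = {
    "password", "welcome", "test", "admin", "letmein", "changeme",
    "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}

# Common letter substitutions ("P@ssw0rd"), mapped back so they do not hide the base word.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "$": "s", "5": "s"})

# Shape of the passwords the article cites: a word (possibly with leet characters),
# then up to six digits, then up to three symbols. The lazy quantifier keeps the word short.
_SHAPE = re.compile(r"([a-z][a-z@$0-9]*?)(\d{0,6})([^a-z0-9]{0,3})")

def guessable_reason(pw: str, org_words: Iterable[str] = (), year: Optional[int] = None) -> Optional[str]:
    """Return why a password is an early guess, or None when no known pattern matches.

    "Summer2024!" and "Test1234" satisfy most complexity rules, yet both are
    <word><year or short digits><symbol>, the first shape a guessing attack
    tries; this check rejects that shape at password-set time.
    """
    year = year or date.today().year
    years = {str(y) for y in range(year - 3, year + 2)}                # recent years and next year
    bases = COMMON_BASES | {w.lower() for w in org_words}              # add the bank's own name
    m = _SHAPE.fullmatch(pw.lower())
    if not m:
        return None
    raw_base, digits, _symbols = m.groups()
    base = raw_base.translate(LEET)
    if base in bases:
        if digits in years:
            return f"common word '{base}' followed by a year"
        return f"common word '{base}' with only digits or symbols appended"
    if digits and re.fullmatch(r"(\d)\1+|1234\d*|0123\d*", digits):
        return "sequential or repeated digit suffix"
    return None
```

Passing the institution's name and product names in `org_words` catches the "BankName2024!" variant that a generic list misses.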
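
For item 3, the following DMARC evaluation shows how a receiving mail system decides whether a forged From: domain is rejected or delivered anyway; it is an added example, not the article's or Neovera's code, and the domains, the records and the simplified organizational-domain rule are assumptions:

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class InboundMessage:
    header_from: str            # domain of the From: header the user sees
    spf_domain: str             # MAIL FROM (envelope) domain that SPF was checked against
    spf_pass: bool
    dkim_domain: Optional[str]  # d= of a DKIM signature that verified, or None

# Constructed DMARC records for hypothetical domains, as fetched from _dmarc.<domain> TXT.
DMARC_RECORDS: Dict[str, str] = {
    "examplebank.test": "v=DMARC1; p=reject; adkim=s; aspf=s",
    "partner.test": "v=DMARC1; p=none",   # monitoring only: spoofed mail is still delivered
}

def parse_dmarc(record: str) -> Dict[str, str]:
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def org_domain(domain: str) -> str:
    # Simplified: the last two labels stand in for the organizational domain (no PSL lookup).
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain: Optional[str], header_from: str, mode: str) -> bool:
    """Relaxed ('r') alignment accepts subdomains; strict ('s') requires an exact match."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def dmarc_disposition(msg: InboundMessage, records: Dict[str, str]) -> str:
    """Return 'pass', the action DMARC asks for ('none', 'quarantine', 'reject'),
    or 'no-policy' when the From: domain publishes no record."""
    record = records.get(msg.header_from.lower()) or records.get(org_domain(msg.header_from))
    if record is None:
        return "no-policy"
    tags = parse_dmarc(record)
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.header_from, tags.get("aspf", "r"))
    dkim_ok = aligned(msg.dkim_domain, msg.header_from, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")
```

A passing SPF result on its own is not enough: the message from a bulk mailer below passes SPF for the mailer's domain, yet fails DMARC because that domain does not align with the From: header the customer sees.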

The Top Insider Attacks:

1. Broadcast or Legacy Protocol Abuse. Broadcast and legacy protocols are older network communication methods, designed to send messages to every device on a network segment, that often lack modern security features. That leaves them open to attacks such as network flooding or unauthorized access; in this type of attack, old or misconfigured network services are exploited to steal user passwords.

2. Insecure LDAP (Lightweight Directory Access Protocol). LDAP, the protocol used to access and manage directory services (such as user and device data) over a network, is present in most networks and can be abused to gather information and gain access to sensitive accounts.

3. ARP (Address Resolution Protocol) Spoofing. ARP is a network protocol used to map an internet protocol address to its corresponding physical address within a local network. (This is the media access control address, or “MAC Address.”) An actor sending fake ARP messages can pretend to be other devices on a network to gain access or gather passwords.

4. ADCS (Active Directory Certificate Services) Abuse. This Windows service for supporting Public Key Infrastructure (PKI) is infamous for containing flaws that attackers can exploit to gain or elevate their access levels.

5. Overly Permissive Network Shares. Employees collaborating and sharing information can do so carelessly. An example: Creating shared folders that aren’t restricted solely to the people who need them. We often find network folders containing scripts, as well as other files containing passwords or other information that can be used in attacks.
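
For item 3 of the insider list, an added detection example (not part of the original article or Neovera's tooling) that runs two rules over constructed ARP reply records; the addresses and the baseline are assumptions:

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start (constructed)
    sender_ip: str    # IP the reply claims to answer for
    sender_mac: str   # MAC it maps that IP to

# Constructed baseline of hypothetical addresses, as a network team would record
# the hosts whose MAC must never change.
BASELINE: Dict[str, str] = {
    "10.0.1.1": "aa:bb:cc:00:00:01",    # default gateway
    "10.0.1.20": "aa:bb:cc:00:00:20",   # file server
}

def detect_arp_spoofing(replies: List[ArpReply], baseline: Dict[str, str],
                        max_ips_per_mac: int = 2) -> List[str]:
    """Flag replies that rebind a known IP or let one MAC answer for many IPs.

    Rule 1: a reply whose MAC differs from the baseline (or from the first MAC seen for
            that IP) is a binding change, the signature of a poisoning attempt.
    Rule 2: a MAC answering for more than max_ips_per_mac distinct IPs is claiming to be
            several hosts at once, which is how an on-segment man-in-the-middle looks.
    """
    alerts: List[str] = []
    trusted: Dict[str, str] = dict(baseline)            # ip -> mac currently trusted
    ips_by_mac: Dict[str, Set[str]] = defaultdict(set)  # mac -> ips it has answered for
    for r in replies:
        known = trusted.get(r.sender_ip)
        if known is None:
            trusted[r.sender_ip] = r.sender_mac         # first sighting: learn it
        elif known != r.sender_mac:
            alerts.append(f"t={r.ts:.0f}s binding change: {r.sender_ip} moved from {known} to {r.sender_mac}")
        ips_by_mac[r.sender_mac].add(r.sender_ip)
        if len(ips_by_mac[r.sender_mac]) > max_ips_per_mac:
            alerts.append(f"t={r.ts:.0f}s {r.sender_mac} now answers for {sorted(ips_by_mac[r.sender_mac])}")
    return alerts

# Constructed capture: normal replies, then one workstation MAC answering for the gateway
# and the file server.
SAMPLE = [
    ArpReply(1, "10.0.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2, "10.0.1.55", "aa:bb:cc:00:00:55"),
    ArpReply(3, "10.0.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(9, "10.0.1.1", "aa:bb:cc:00:00:55"),    # gateway binding changes
    ArpReply(10, "10.0.1.20", "aa:bb:cc:00:00:55"),  # file server too
]
```

Learn-on-first-sight trusts whatever MAC answers first, so the static baseline for gateways and servers is what makes rule 1 reliable; `detect_arp_spoofing(SAMPLE, BASELINE)` returns three alerts for the sample capture.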

The Solution: An Enterprise-Wide Approach to Security

Financial institutions need to address their weaknesses across the board, implementing solutions that contribute to a culture of security. Here are 15 steps, technologies and processes banking teams should familiarize themselves with, and consider adopting, for a more secure future:

1. Security Awareness Training: Continuous education programs can teach all employees to recognize and respond to phishing attempts, social engineering attacks and other common threats. Education should be supplemented with regular simulated phishing campaigns. This will test and improve employee response.

2. Strong Authentication: Implementing multi-factor authentication (MFA) for all access points will help ensure that only authorized users can access sensitive information. Using biometrics, hardware tokens or mobile-based authentication will add layers of security.

3. “Principle of Least Privilege”: Ensure that users have only the minimum level of access necessary to do their jobs. Regularly review and update access controls to remove unnecessary permissions. This can reduce the risk of insider threats.

4. System Hardening: Apply the latest security patches and updates to all systems, applications and devices. Disable unnecessary services and features to reduce the attack surface. Implement secure configurations for all hardware and software.

5. Network Segmentation: Divide the bank’s network into smaller segments or subnets to impede the spread of malware and unauthorized access. Additionally, use access control lists (ACLs) to manage traffic between segments.

6. Advanced Threat Detection (ATD): Deploy ATD systems, such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), to monitor network traffic for suspicious or anomalous activity. Also consider using Security Information and Event Management (SIEM) systems to collect, analyze and respond to security events in real-time.

7. Penetration Testing and Vulnerability Assessments: Conduct regular penetration tests to identify and remediate vulnerabilities. Implement a continuous vulnerability management plan that includes assessments to ensure that all systems remain secure.

8. Incident Response Planning: Develop and maintain an incident response plan to quickly and effectively address security breaches. Conduct regular drills and tabletop exercises to ensure that all team members understand their roles and responsibilities during an incident.

9. Data Encryption: Encrypt sensitive data both at rest and in transit to protect it from unauthorized access. Use strong encryption algorithms and key management practices to ensure robust data security.

10. Vendor and Third-Party Risk Management: Assess and manage the security risks associated with third-party vendors and service providers. Require vendors to adhere to the same security standards as your organization.

11. Endpoint Detection and Response (EDR): These solutions continuously monitor endpoints such as laptops, desktops and mobile devices and respond to potential threats on them, providing real-time detection, investigation and remediation capabilities. Implement EDR so that incidents on endpoints are detected, investigated and remediated quickly.

12. Zero Trust Architecture: Operating on the principle of “never trust, always verify,” this is a security framework that requires strict verification for every user and device trying to access resources. Adopt a zero-trust approach that trusts no user or device by default, even within the network perimeter. Continuously verify the identity and integrity of every device, user and network connection.

13. Behavioral Analytics: Use behavioral analytics to detect anomalies in user and system behavior that may indicate a security threat. Analyze patterns and trends to identify potential security incidents before they cause harm.

14. Secure Software Development Practices: These practices involve integrating security measures throughout the software development lifecycle (SDLC) to identify and address vulnerabilities early, ensuring that the software is resilient against threats and attacks. Conduct code reviews, static analyses and dynamic testing to ensure applications are secure.

15. Physical Security Controls: Add physical security measures such as access control systems, surveillance cameras and security guards to protect physical assets and facilities. Ensure that data centers and server rooms are secure and accessible only by authorized personnel.

Implementing these controls can protect systems, networks and, most importantly, customers’ highly sensitive financial and personal data, allowing banks to firmly establish trust with customers and continue to grow.

Scott Weinberg is CEO & Founder of Neovera.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.