Thales Blog

Addressing The Bank Bandits Of Today

May 12, 2016

Tina Stewart Tina Stewart | VP, Global Market Strategy More About This Author >

willie sutton had nothing on these guysThere once was a man named Willie Sutton
The bandit robbed banks like it was nothing
But data went online
Mass theft got redefined
And financial breaches hit major headlines

Nowadays, hardly a week goes by without news of another damaging data breach incident. According to the latest count from the Identity Theft Resource Center (ITRC) there have been a total of 269 data breaches recorded through April 19, 2016, and more than 11.27 million records have been exposed since the beginning of the year.

Click To Tweet: Today, successful bank bandits are online @socialtis #2016DataThreat

While it all started with the Bank of Greece it did not end there. The infamous hacker group Anonymous that launched an attack against The Bank of Greece took down the bank’s website but luckily (or perhaps not lucky and the result of a good security system) the outage only lasted for a few minutes. Anonymous notified users that The Bank of Greece was the beginning of a series of attacks that would last 30 days. Unfortunately, that’s not all folks. U.S. investigators suspect The Bangladesh central bank (where hackers stole $81 million) was partly an inside job. Agents with the Federal Bureau of Investigation have found evidence pointing to at least one bank employee acting as an accomplice. Add Anonymous’ current initiatives with hackers who are purely interested in financial gain and it makes the environment drastically more complex.

Financial institutions are seeing a surge in attacks. According to USA Today, an FBI official recently reported more than 500 million records have been stolen from financial institutions over the past 12 months. And according to lawmakers, the United States financial sector is one of the most targeted in the world.

Today we released the Financial Services Edition of The Data Threat Report. On the positive side, the U.S. financial market is still spending - a lot. In fact, 70 percent of financial services respondents indicated that their overall spending levels for protecting sensitive data will either be ‘somewhat’ or ‘much’ higher in the next 12 months, by far the highest of any vertical. Key findings include:

  • 90 percent of financial institutions feel vulnerable to data threats
  • 44 percent of financial institutions have already experienced a data breach
  • Complexity at 68 percent, and lack of staff at 35 percent, are identified as top barriers to adoption of better data security for financial institutions
  • 70 percent of financial institutions are increasing spending to offset threats to data and 48 percent are increasing spending on data-at-rest defenses this year

In terms of breach activity, the financial sector results also offer a ray of optimism. While 44 percent of U.S. financial respondents indicated they have experienced a data breach in the past, this figure is notably lower than other U.S. verticals such as healthcare (63 percent), government (62 percent) and retail (52 percent). Results found that a number of financial services organizations are taking steps in the right direction.

  • 48 percent of financial institutions plan to invest in data-at-rest defenses this year
  • 62 percent of financial institutions are looking to implement data security for brand and reputation protection
  • Many financial institutions are planning to implement ‘newer’ security tools that are more effective at protecting data even when other defenses have been compromised. These include tokenization (42 percent), application encryption (33 percent), Security Event and Information Management (SIEM) systems (29 percent) and privileged user access management (29 percent)

At the end of the day, bank theft has shifted from the old school bandits of the world like Willie Sutton to real-world data exposure that cause large scale ramifications. So where do we go from here? Like most regions and verticals, financial organizations must recognize that doing more of the same won’t help us achieve an improved security posture. As an industry, we need to pay more attention to new techniques for preventing attacks as well as detecting potential threats more rapidly and narrowing the window of exposure.

While financial services organizations have the luxury of more available budget than most other verticals, they should still consider vendors with a broad range of data security options. In a more secure world there are no standups with the next hacker, but instead organizations make it so costly and time consuming to steal data, doing so becomes an almost impossible task.