Every day major financial institutions come under cyber attack; thus, cyber security issues retain leading positions on annual bank agendas. For financial institutions, and banks in particular, a breach of security can result in monetary loss, a fall in consumer confidence and damage to the brand. That is a strong reason to appoint a Chief Information Security Officer (CISO) who is in charge of crisis management and the security risk mitigation plan. So, what security issues should any CISO be concerned with?
- Malware
Delivered via email, Skype or any other channel, malware is one of the proven and arguably most popular ways to attack a system. Malware is any software designed to gain unauthorized access to users' resources. Types of malware include viruses, worms, Trojans, adware, spyware, rootkits and keyloggers. All of them are designed to gain access to private data.
- Insider threats
Insider attackers generally have a significant advantage over outsiders: they do not have to overcome most of the defense layers. These attacks result in financial losses, public exposure of personal staff and customer information, and negative media attention and publicity.
- Authentication flaws
The authentication mechanism is the heart of a system's protection. If an attacker breaks the authentication, they gain full control of the corporate LAN and unrestricted access to the data held within it.
- Security misconfiguration
Issues of this type are caused by incorrect configuration of any infrastructure component, such as a web server, application server, database management server or mail server. Correct configuration should never be neglected; it is always better to take the time and check everything twice. Infrastructure settings are the responsibility of the system administrator.
- DoS and DDoS attacks
A Denial of Service (DoS) attack tries to make a target resource unavailable to its users by exhausting server resources. In most cases this is done by flooding the target with traffic or by crafting malicious requests. A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source at the same time. DoS and DDoS also rank among the most commonly used attacks.
- Logic flaws
The mechanisms responsible for payment and other critical business processes may have vulnerabilities in the implementation of their logic. Typically, such vulnerabilities occur in processes performed in several stages. For example, a user may be able to bypass the payment step in a checkout sequence. If the system does not detect and report such logic violations, user complaints and malfunctions are sure to follow.
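The payment-step bypass described above, as an added example that is not part of the original article: a checkout whose confirmation handler simply trusts that payment already ran, beside one that enforces the step order on the server and records every violation so it can be reported. All class and method names here are constructed for illustration.

```python
from enum import Enum

class Step(Enum):
    CART = 0
    PAID = 1
    CONFIRMED = 2

class VulnerableCheckout:
    """Each handler trusts that earlier steps already ran; nothing verifies it."""
    def confirm(self):
        # Logic flaw: confirmation never checks that the payment step completed.
        return "order confirmed"

class HardenedCheckout:
    """Server-side state machine: each step checks that the previous one completed,
    and every violation is recorded so it can be alerted on, not silently dropped."""
    def __init__(self):
        self.state = Step.CART
        self.violations = []  # constructed audit trail; a real system would log/alert
    def _advance(self, required, new_state):
        if self.state is not required:
            self.violations.append(f"{new_state.name} attempted from {self.state.name}")
            raise PermissionError(f"{new_state.name} requires {required.name}")
        self.state = new_state
    def pay(self, amount, total):
        if amount != total:
            raise ValueError("payment does not match order total")
        self._advance(Step.CART, Step.PAID)
    def confirm(self):
        self._advance(Step.PAID, Step.CONFIRMED)
        return "order confirmed"

def vulnerable_skip_payment():
    # Jumping straight to confirmation succeeds: an order with no payment behind it.
    return VulnerableCheckout().confirm()

def hardened_skip_payment():
    # The same jump is refused and leaves a record for the security team.
    c = HardenedCheckout()
    try:
        c.confirm()
        return "bypassed", c.violations
    except PermissionError:
        return "blocked", c.violations

def hardened_full_flow():
    c = HardenedCheckout()
    c.pay(49.99, 49.99)  # constructed sample order total
    return c.confirm()
```

The recorded violation is the signal the paragraph asks for: a monitoring rule on that audit trail turns a silent logic bypass into an alert.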
- Internet of Things
IoT is one more threat to privacy. The particular problem is that banks may not have the IT and security talent to deal with the new, sophisticated security threats that come from customers' smartphones and other wireless devices. The situation calls for experienced and talented people in banks' security departments to cope with the issue.
There is no 'one-size-fits-all' strategy for cyber security. Each bank should develop one that is tailored to its unique information assets and risk profile. Continuous staff training and challenging the traditional approach to information security are indispensable parts of a cyber security strategy.
A strong and well-thought-out security policy is the only possible way to avoid breaches and face contingencies.