Posted on 09/24/2018 at 08:57 AM by Jesse Johnston
A recently released study regarding cyber-threats give financial institutions some reassurances that their efforts in cybersecurity are proving to be effective. Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets finds that the number of successful security breaches has decreased from 36 percent to 15 percent, which means that financial institutions are affirmatively preventing over 80% of attempts to breach their systems. However, the cyber-criminals are ever-evolving. It is costly to keep pace with preventative technologies.
Akamai’s Summer 2018 State of the Internet / Security: Web Attack report identifies the newer and most pervasive threat to cybersecurity is from botnets. Botnets are networks of compromised computers—everything from coffee makers to workstations—that work in concert to provide fraudsters with immense computing capacity. Botnets can be used to implement distributed denial of service (DDOS) attacks that can effectively deny internet access to a target by overloading its connection points with traffic. Fraudsters have employed DDOS tactics in the past after organizations discover a breach as a way of hampering the organization’s response. According to the report, “Botnets” is a more general term to describe tools from web crawlers to site scrapers to account takeover functions. The report details the attempts by the botnets to attempt to log-in to systems through “credential stuffing” which refers to an automated process where the bot uses known usernames and passwords until it finds one that gains access into the system.
Regardless of the changing technologies and increasingly more complex hacking, there is some consistency in recommendations to be cyber-resilient. Both of these reports both offer the same take away: have a cross-functional response plan in place and provide frequent and meaningful training to all employees. As indicated in Accenture’s study, internal attacks (i.e. malicious employees) continue to be the greatest source of security breaches. The botnet technologies highlight another area in which employees are the source of the vulnerability—and that’s through the selection of passwords. With the immense computing power that botnets provide, fraudsters can employ botnets to effectively breach weak passwords. Developing a response plan and training employees on these key areas are much more cost-effective than a breach of the system. As always, organizations should work with knowledgeable attorneys both before and after an incident to make sure they have implemented an effective plan to deal with the consequences of an incident.