Cyber crime in financial institutions

- Crispin Kerr, Webroot Managing Director APAC

What is cyber crime?

There are a number of different ways that criminals are trying to target financial institutions. There are social engineering exploits, where an end-user gets an email claiming to be from their bank, but it’s really from a cyber criminal. Within that email there is a link asking the end-user to confirm their account information. Cyber criminals then leverage the credentials to gain access to the user’s financial records and banking accounts. Malware is another piece of it, where criminals distribute malicious software and a user is tricked into installing a keylogger or screen scraper program on their device. This means that when an end-user enters their credentials, the program can capture all that information, allowing criminals to gain access to the account.

How do cyber criminals attack financial institutions directly?

We’ve been seeing some very targeted threats towards financial institutions through spear phishing attacks. These target someone who is working for that financial institution. The user is then tricked into clicking on a link and malicious software is downloaded. It then lies dormant and is able to capture information within the actual organisation itself, and send that information to third parties elsewhere in the world.

Has cyber crime been on the rise?

Absolutely, it’s on the rise. We are seeing more and more malware on a daily basis. We see about 120 million new types of malware per month, right now. Cyber crime is more organised than ever before and more than 50% of attacks now focus exclusively on financial and e-commerce services. The attack vectors are many, from phishing emails to telephone-based scams that impersonate the targeted institution.

Why do you think cyber crime is on the rise?

I think the usage of things like mobile and Internet banking has exploded, and so from a cyber criminal perspective, they obviously have a very good understanding about the activities that users are engaging in. That’s definitely caught their eye. They are seeing that more and more transactions are taking place on mobile devices and over the Internet, and so there are more opportunities to infiltrate and gain access.

How should financial institutions protect themselves and their users?

Cyber crime is definitely becoming tougher to detect. Cyber criminals are trying to stay ahead of the game by coming up with different methods to prevent detection – and that’s definitely going to continue. The more advanced criminals are getting, the more advanced solutions like ours need to be as well. Our Webroot SecureAnywhere endpoint protection and security intelligence services are aimed at doing things in a different way through a cloud-based model. We have all the power behind our solution residing in the cloud, which allows us to analyse downloaded files in real time and determine if a particular item has malicious data. This differs from the traditional signature-based model, where clients needed to constantly update their software and run scans to be protected.

What other ways can financial institutions protect themselves from cyber crime? (for example, through education, vigilance, etc.)

Both corporate-owned and personal devices should have secure passwords and screen locks; financial institutions should document this requirement in their security policies. In addition, they should require that personal and corporate mobile devices have up-to-date, corporate-approved (and preferably corporate-managed) security software installed to guard against malware and other security risks.

Should financial institutions give staff training on cyber crime?

Security training will keep your workforce productive and prepared to be the first line of defense against malware, data breaches and other security threats to your network and their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.
