Banking Groups Push for National Cybersecurity Standards
Data shows financial services continues to be highly targeted by cyber criminals
The American Bankers Association (ABA) and other financial trade groups are pushing Congress to implement strong national data security standards and data breach notification requirements. Their goal is consistent enforcement of a national standard for consumer protection, instead of the current patchwork of security laws that vary from state to state. Recent data backs them up, showing that banks and other financial services organizations have plenty of reasons to be concerned about cybersecurity risks.
“Any legislation enacted into law must ensure that all entities that handle consumers’ sensitive financial data have in place a robust — yet flexible and scalable — process to protect data, which must be coupled with effective oversight and enforcement procedures to ensure accountability and compliance,” the groups said in their letter on July 31, 2018. “This standard should apply to all entities that handle sensitive personal and financial data in order to provide meaningful and consistent protection for consumers nationwide.”
There’s no question financial institutions are prime targets for cyber criminals. Banking Trojan botnets designed to attack web application authentication mechanisms are extremely prevalent, with nearly 40,000 of them mentioned in Verizon’s 2018 Data Breach Investigations Report. The report also shows a high rate of Denial of Service (DoS) attacks in the financial services sector.
Of the 598 financial services incidents analyzed in the Verizon report, 146 had confirmed data disclosure. In those breaches, 36% of the data compromised was personal, 34% was payment-related, and 13% was bank information.
The report found that physical tampering incidents by criminal groups, such as payment card skimmers and ATM jackpotting, are causing concern in this industry, but its findings also suggested that the impact of phishing attacks should not be overlooked.
Financial services organizations should “make sure employees know what to look for in regard to [phishing attacks],” the Verizon report recommends, “and give them a quick and easy way to report it.”
Phishing is typically one of the most successful types of cyber attack across industries, and has the potential to cause significant financial, reputational and other harm to organizations whose employees click on dangerous links or download attachments that compromise the security of the financial institution.
Contact me or another member of Kaufman Rossin’s risk advisory services team to learn more about cybersecurity trends affecting the banking industry and how to protect your financial institution.