In recent years, more than 100 banks and other financial institutions have fallen victim to high profile data breaches and state-sponsored hacks, many based out of Russia or countries in Asia. As a result, the financial services industry, which is vital to U.S. national security, is left to wonder who’s really responsible for the integrity of the financial system.
While the federal government and consumers must do their parts to stay protected, a lot of the responsibility falls on financial services institutions to ensure their systems and individual accounts are not compromised.
Due to destructive malware attacks and recent successful data breaches directed at banks, retailers and health providers, the risk environment for businesses operating online has fundamentally changed. To help financial institutions navigate this change, the Federal Financial Institutions Examinations Council (FFIEC) released two joint statements early this year that address dealing with stolen identities and the heightened risks of destructive malware that, in combination, represent a credible threat to business operations and the financial system as a whole.
The FFIEC joint statements focus on two key threats financial institutions face today. These include:
Compromised Credentials
The joint statement on compromised credentials discusses the growing trend of cyberattacks designed to obtain online credentials for theft, fraud, or business disruption and recommends risk mitigation techniques. These credentials include email addresses, passwords, Social Security numbers and credit card information. Many methods are used to steal these credentials, such as phishing and spear-phishing, malvertising, watering holes (infecting victims from websites they are known to visit) and Web-based attacks. Once stolen, these credentials are sold to underground fraud rings and used for account takeover and identity theft. The threat of compromised credentials has increased drastically in recent years, as millions of identities have been exposed in high profile data breaches, placing users’ credentials in the hands of cybercriminals.
The risk of compromised credentials indicates banks can no longer trust static identities of a user attempting a login or transaction, whether it is an employee or administrator, and especially if it is a customer. Even if a bank’s own internal systems are impenetrable, their customers and employees are not.
Destructive Malware
According to the joint statement, malware can enter a system through several channels, including employees downloading attachments in phishing or spear-phishing emails, connecting external devices (e.g., USB drives), visiting compromised websites, and through unauthorized parties using stolen employee or third-party credentials to install malware directly on systems. Once introduced, malware will attempt to escalate privileges using stolen identities and passwords to get access to more and more sensitive systems. Destructive malware may be further distributed and lead to detrimental damage. In today’s rapidly evolving cyber threat landscape, comprehensive cybersecurity depends on the ability to identify and contain damage, recover data, and restore operations from a wide range of risk scenarios.
Given the risk of destructive malware combined with stolen credentials, financial institutions need to continuously evaluate the health and risk of devices and identities being used to access data or perform transactions, irrespective of whether the device is an employee accessing services remotely from a personal tablet, or a sanctioned locked-down PC.
Given the billions of dollars stolen from banks and financial institutions, associated compromised digital identities and risks outlined by the FFIEC joint statements, what preventative cybersecurity strategies should financial institutions consider? To protect against advanced cybercrime attacks, financial institutions must put the following preventative strategies in place:
Protect your digital channels
Consumers increasingly turn to their mobile devices for online banking and other transactions. Along with this trend, cybercriminals see the mobile channel as an ideal target for financial gain. When it comes to cybersecurity, financial institutions must approach the mobile channel differently than desktop. To protect mobile transactions and accounts, financial institutions should leverage an integrated digital security platform that crosses over between browser and mobile, and includes features specific to the mobile channel and native apps. These include location services, device identification, device spoofing detection, application integrity evaluation, and jailbreak and root detection. Most importantly, superior mobile analytics coupled with cross-channel identity intelligence will enable security organizations to support optimized user experiences without adding undue risk.
Leverage global shared intelligence
To proactively counter cyber threats, your organization needs to look beyond its own firewalls to share actionable threat intelligence about compromised identities and devices. Financial institutions need new ways of assessing digital identities by leveraging global shared intelligence to detect when personal information and devices are being used illegitimately based on historical norms. Every time a network is breached, every financial institution becomes the target of the digital debris, as pieces of a user’s digital identity can be used over and over again, with each attack increasing in sophistication on a daily basis. Much progress has been made for automating intelligence about malware threats, but the greatest advancement against cyber threats will not happen until we have shared intelligence about identity abuse.
Implement an integrated digital identity strategy
Rather than relying on static concepts of identity and authentication, your cybersecurity strategy should include real-time decision analytics that dynamically assess consumer digital identities, devices and behavior across channels and institutions to accurately identify cybercriminals in real time without added customer friction. By implementing a digital identity hub that is capable of consuming and decisioning on otherwise disparate and siloed authentication and fraud intelligence, financial institutions can more effectively stop threats while getting closer to their customers. More specifically, a digital identity network extends cybersecurity in the following ways:
- Enables financial institutions to meet authentication guidelines—Banks and financial institutions are especially susceptible to cybercrime, as digital identities are the new currency powering cybercrime and cyber terrorism. A digital identity hub enables these institutions to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.
- Extends online identity perimeters for businesses—On the fraud prevention side, businesses have always looked at identities but not how these identities are used online across channels or websites. A digital identity network ensures identities are looked at as a whole and are protected across channels, eliminating any perimeters.
- Provides effective customer identity protection—Following data breaches and other cyberattacks, some banks make the mistake of offering consumers free credit monitoring, but this is not an effective means of guarding against account takeover attacks, or transaction fraud that result from data breaches. Rather, as millions of stolen identities are in use following high profile data breaches such as Anthem, and JPMorgan Chase, a digital identity network analyzes consumers’ digital information – including devices and behavior – in one place and flags if compromised credentials are not being used by their legitimate owner, in real time.
A digital identity network combines world class device identification with identity analytics and behavioral intelligence to build complete online personas for every registration, login and payment transaction without adding friction for customers. As cybercriminals become more sophisticated and find new ways compromise digital identities and devices, sharing global shared intelligence across business boundaries enables financial institutions to protect both internal and customer data from the onslaught of cyberattacks.
Cybersecurity has to be the number one priority for the financial services industry. It’s not just about saving the bank from losses, it’s about protecting the trust your customers hand over when you are the guardian of their money, identities and personal lives.
About the Author: Alisdair Faulkner is chief products officer at ThreatMetrix, which offers market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. Faulkner is a noted industry expert in issues relating to online fraud, cybercrime, identity theft, information security and networking technology. As chief products officer and co-founder at ThreatMetrix, he is responsible for product management and strategy.
