Computer Services, Inc., released a white paper last week detailing common techniques used by fraudsters to attack IT systems, and security measures that can be undertaken by financial institutions to protect themselves and consumers.
According to the paper, compiled by Dan Holt, the president and manager of CSI’s Managed Services division, the top four cybersecurity threats include advanced persistent threats, mobile security, distributed denial of service attacks and cloud security.
APTs focus on specific individuals or networks and are “often conducted by crime groups with a sophisticated online presence aimed at causing major damage to consumers and institutions alike” through specific vulnerabilities.
The paper said education for both employees and customers is “the key to mitigating” APT risks.
“Ensure regular security training is refreshed often,” the paper reads. “Encourage employees and users alike to create strong—and multiple—passwords. And caution users against installing random software, opening attachments from untrusted sources and using unsecured Wi-Fi, all of which can grant unwanted access to your systems.”
The paper pointed to mobile device security risks, including Bring Your Own Device programs for bank and credit union employees. Most devices store company data, which can be accessed by cybercriminals if a device is lost or stolen, and many have direct access to the corporate network.
“Banks and credit unions must ensure that employee-owned devices meet all compliance requirements…” Holt said. “This entails developing corporate policies that cover every aspect of BYOD. Your policy should focus on mobile device management… It should also allow you to disable or ban certain insecure features and applications.”
According to the paper, DDoS—or distributed denial of service attacks—are among the most visible cybercrimes. Individuals or groups flood an institution’s system with a massive volume of communication requests, which overloads the system and causes a suspension of service for legitimate users.
The paper also said the first attack can serve as a decoy for the second, in which hackers exploit network vulnerabilities while resources are dedicated to restoring service.
“It’s nearly impossible to prevent every DDoS attack,” the paper reads. “If a group wishes to launch one, they will. But the key is taking steps to minimize the success of the attack. First, establish a relationship with your ISP. If the communication lines remain open, a DDoS attack can be identified quickly and headed off by the ISP.”
Additionally, the paper said that while banks and credit unions have increasingly voiced concerns regarding cloud-based IT technology, “many cloud systems and managed services providers actually enhance the integrity of IT systems.”
“The key for banks and credit unions is properly vetting service providers before migrating any information or infrastructure to the cloud,” Holt said. “Also make sure you’re meeting all regulatory compliance requirements. Many MSPs specializing in the financial services industry will have the expertise to both meet and exceed regulatory expectations.”
CSI is a cloud solutions provider specializing in the financial services industry. Offerings include C-Suite Complete Cloud, security and IT systems and strategic services.