Even the Secret Service is blown away by cyberattacks on banks

Twenty-four years ago, the World Bank was connecting all the central banks of the world to the internet, so as to improve liquidity and to wire up electronic finance. 

They had encryption. They had public key infrastructure (PKI). What could possibly go wrong?

A lot. Little did banks know at the time that their technologies wouldn’t save them from the modern, ever-more sophisticated cyberattacks they’re seeing today, manifested in island-hopping attacks, watering-hole attacks, application attacks, application programming interface (API) attacks, business email compromise (BEC) and more. 

The threat landscape continues to evolve and mature, and financial institutions’ defenses have to keep pace with these increasingly complex attacks. There’s evidence that their defenses are, in fact, making a difference. For example, according to Contrast Security’s newly released 2023 Cyber Bank Heists report, 40% of financial institutions that participated in the research reported that they’d been victimized by a ransomware attack, down from 74% in the prior year. 

We pulled the author of that report, Contrast Senior Vice President Tom Kellermann, into a Linkedin Live session to go over his findings, which include stats like these: 

• 60% of respondents were victimized by destructive attacks,
• 64% saw an increase in application attacks,
• 50% experienced attacks against their APIs,
• 48% experienced an increase in wire transfer fraud,
• 50% detected campaigns to steal non-public market information,
• 54% of the banks were most concerned with the cyber threat posed by Russia and
• 72% plan to invest more in application security in 2023. 

This is the sixth report in a yearly series looking at modern bank robberies that Kellermann has authored. In fact, it was 24 years ago that Kellermann wrote the first ever book on the state of play — of electronic safety and soundness and threats — in the financial sector. 

We were also joined by Derek Booth, who wrote the forward for the 2023 Cyber Bank Heists report. Booth is assistant to the special agent in charge with the U.S. Secret Service and head of the Mountain West Cyber Fraud task force.

Booth has been in computer forensics and cybersecurity for 24 years, himself. In that time, he’s seen the threat landscape grow into a Wild West that, he says, can be “overwhelming.”

“There's so much of it, and it's changing so much,” Booth says. “I gave a presentation just last week, and I talked about how in 1999 we concentrated on … credit card fraud and check kiting and counterfeit money. … it's crazy the way it's changed, and how fast it’s changing!”

The crooks are getting ever more sophisticated, and financial institutions have to figure out how to defend against increasingly complex attacks. 

Easy enough to say. But just what, precisely, are banks supposed to do to fend off the robbers?

Get cybersec smarts on your boards

According to Kellermann, it’s essential that the sector enact specific defensive shifts, which he outlined in the LinkedIn Live session. Just one example: get cybersecurity expertise on the board of directors: “It begins with adding a cyber security specialist to your board,” he says. “Even if you're not publicly traded, having that person become the advocate of a CISO that's typically marginalized within your organization would be fundamental, to hopefully elevate that person to the position they deserve.”

Other concrete steps: runtime protection is, obviously, “an imperative,” Kellermann stressed. Extended detection and response (XDR) platforms are “here to stay,” or, “at minimum,” financial institutions have got to integrate their network detection and response (NDR)  with their  endpoint detection and response (EDR). Other defense strategies include focusing on defending your application programming interfaces (APIs), including a thorough understanding of “how far they go into other organizations and vice versa, and how they could be used to attack your constituency,” Kellermann says. 

Get the holes out of your code

Also, the financial sector must continuously test the code it develops for vulnerabilities and make sure that institutions can prioritize or mediate what crops up, he continues. 

You’ll get all that and more in this LinkedIn Live session, where we talked through findings from the Cyber Bank Heist report, what financial sector security leaders are currently seeing, what threats they’re most concerned about and how they’re adjusting their security strategy.

Have a listen to the recording to learn more. 

Also, check out these deep dives into the report's main takeaways:

• Report: Cyberattacks against financial sector surge 64%
• Report: Cybercrooks are after financial insider info
• Report: How financial firms are fending off ransomware