Bank Data Breaches Are Up And It's An Inside Job

There have been many high-profile bank breaches in the news of late, and much of the blame has been laid on these institutions' legacy operating systems, and their inability to cope with new forms of cyber-attacks, including breaches.

However, a bigger security flaw may in fact come from another source.

•    Data breaches are on the rise in financial services (FS): More than 200 million financial services records were breached throughout 2016, accounting for a 937% year-over-year (YoY) rise. A breach is defined as an incident in which data is stolen. This is often a double-whammy, as gaining access to transaction data can facilitate financial theft.
•    The financial services industry is unusually hard-hit: FS was the most-attacked industry out of those examined in 2016, these firms were breached 65% more than the average organisation in all other industries in the study.
•    One reason for this targeting could be that cyber criminals are waking up to the extent of banks' lax security faster than the institutions themselves.
•    Human error is FS firms' biggest vulnerability: this sharp rise was caused by cyber criminals targeting the weakest point in FS firms' security, their employees.

For example, breaches can be effected by hitting individual workers' computers with multiple phishing scams to install malware.

Insider involvement accounted for 58% of all breaches in 2016; of these, 53% acted inadvertently, while 5% acted with malicious intent. To limit this damage, banks have to work harder to educate staff about cyber-security, and up their fraud-detection mechanisms.

This suggests that cyber defense has to begin with cultural overhauls, rather than technical ones. That more than half of banks' breaches are caused by employees highlights the futility of their investing in cutting-edge core systems to bolster security without rigorously educating staff and improving governance first.

Arguably, even the best tools are only as good as the employees using them. The pressure to reform will only continue to increase as the General Data Protection Regulation (GDPR) comes into effect, mandating banks to report all breaches within hours, or face fines and penalties.

Open banking is the democratisation of access to data previously exclusively owned by legacy financial institutions.

The open banking trend is being driven by a number of factors and will ultimately become the norm. That means retail banks need to rethink their business and operational models if they want to maintain the positions of dominance in the financial ecosystem.

Sarah Kocianski, senior research analyst for BI Intelligence has compiled a detailed report on open banking that explores the drivers behind open banking in detail, outlines the options for banks as they look to update their business and operational models, and explains the likely potential winners and losers of open banking.

Here are some of the key takeaways:

•    Open banking is most often facilitated by a technology known as Application Program Interfaces (APIs) which have enabled the business models and success of some of the most well-known startups of recent times.
•    There are a number of drivers behind the open banking trend, the most obvious of which is regulation that forces banks to give customers access to their data, or enable permissioned third parties to access their data.
•    Banks adopting open banking are taking a number of different approaches, from just taking the necessary steps to comply with regulation, to actively embracing the concept in an effort to maintain their retail banking dominance.
•    Banks are using different models of open banking, including app stores and sandboxes. Which model, or combination of models, a bank adopts depends on its priorities and the drivers it finds most imperative.
•    Open banking will have a significant impact on fintechs. With access to banks' systems and vast data stores, fintechs will be able to provide more personalised products, while operating with greater autonomy. However, open banking will also increase fintechs' regulatory and cyber-security burdens.

In full, the report:

•    Explains the concept and mechanics of open banking.
•    Outlines the drivers behind its increasing adoption by global retail banks.
•    Highlights the different approaches banks are taking to open banking, and explores the advantages and disadvantages of each.
•    Explores the future of open banking, including its impact on fintechs.

Business Insider:

You Might Also Read: 

Banks Lack Confidence They Can Detect Data Breaches:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

European Privacy Directive: Encryption Without Backdoors:

EU General Data Protection: A Milestone Of The Digital Age:

EU Protects Online Data Quite Differently From The US:

 

 

« Threat Intelligence Starter Resources
UK Proposes Online Surveillance In Real-Time »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Cyber Dagger

Cyber Dagger

Cyber Dagger is a cybersecurity company driven by a mission to protect digital infrastructures and close the cybersecurity skills gap.