When it comes to cybersecurity, in an ideal world you balance planning to minimize risk in the event of an attack with ensuring minimal impact to users and the business. That’s the way it works if all goes according to plan (spoiler alert: it usually doesn’t!).

Certainly nothing went according to plan for the banking industry in recent months. The collapse of three major banks – Silicon Valley, Signature and First Republic – took many by surprise. While there are many factors that went into the collapse, including bad management and loose regulatory oversight, there was a secondary effect of the banks’ collapse that should give all cybersecurity professionals pause. When panic ensued, new avenues of attack opened up for bad actors looking for new phishing attack vectors. For example, a simple email sent to a panicked bank customer without multi-factor authentication (MFA) implemented could result in stolen credentials and a breach.

This raises an important question: How can financial institutions be better prepared the next time new phishing attacks appear during a crisis?

Following the bank run in which SVB customers withdrew $40 billion (one-fifth of SVB’s deposits) in a matter of hours, customers were deluged with phishing attacks in the form of deceptive emails full of fake news – often pointing to hastily registered domains designed to steal credentials. A similar fate befell First Signature (which is even larger than SVB) and Signature when it became clear they were in the same overextended position that SVB was.

The crisis that started with SVB may not be over yet. It has put financial institutions on notice that the strongest form of phishing-resistant MFA should be in place before the next bank run puts the whole industry at risk. Small and regional banks may be even more vulnerable, as upgrades tend to move slower and they may still be using legacy systems for authentication. 

In addition to upgrading IAM systems and investing in FIDO-based phishing-resistant authentication technologies, banks and the entire financial services industry can prepare employees and customers in the following ways: 

Remind both employees and customers of the dangers of phishing attacks and what kind of malicious emails they might receive during periods of increased threat. Additional training on different types of phishing attacks — spear-phishing, vishing, or DNS spoofing, for example — is also important. 

Put manual account/payment change procedures in place ahead of time and have a clear customer communication plan about each step. This is especially important for dealing with vendors who may be running the process — no account changes should happen without an actual call and human interaction, either between vendor and customer or vendor and institution.

Incorporate a Zero Trust security model and tighten security internally across the company for all employees, limiting both privileged access and physical access to critical systems and data.

Implement phishing-resistant authentication, such as hardware security keys like YubiKeys, to provide higher security, user experience and reliance for customers. Security keys help financial service organizations protect against fraud by stopping account takeovers and targeted attacks. They offer high-assurance MFA for employees, contractors and privileged users, so only authorized users have access to critical business and customer data and to critical systems like payroll and trading.

Most banking infrastructures have a mix of legacy on-premises and private or public cloud-hosted services. Regardless of where applications and data reside, banks need to ensure they are protected against unauthorized access. Following these steps will ensure proper security moving forward, help you be prepared in the face of another crisis, and improve customer relations by showing customers that care and forethought have been given to their financial security.

——

To learn more about how finserv can upgrade to higher-reliance systems, read our whitepaper, “Securing financial services with phishing-resistant MFA.” Read our recent blog about how banks need to act now to avoid non-compliance with new Consumer Financial Protection Bureau (CFPB) guidance here.

The post What do the three recent bank collapses mean for cybersecurity in financial services? appeared first on Yubico.
