Information-security attacks seemingly ramped up right along with the virus last year. Federal agencies from the FBI to the U.S. Cybersecurity & Infrastructure Agency issued warnings and directives to the banking sector. The BankOnIT cyber-defense control center last year logged a greater than three-fold increase in attack attempts.
Information security rises to the top of the list this year. Already in 2021, one state banking trade association was compromised and issued an advisory to members to disregard what appeared to be an email from a staffer regarding an open invoice. It is not the first time this has happened. State banking trade associations, CPA firms and others that work with banks have all come under attack by sophisticated cyber attackers. The reason why is that cyber attackers know if they can compromise the email account of a known and trusted individual at one of these organizations, they will have a much greater chance of success in getting malicious content through to the bank’s network.
It’s a form of social engineering. When a targeted individual sees an email from someone they know, trust and like the individual being targeted is more likely to let their guard down and that is what the cyber attackers are counting on. Frequently these attacks also occur late in the day or on a Friday, counting on the fact that people may have “mentally checked-out” for the day, making threat mitigation tougher when the attack is discovered after hours or the next day.
It’s difficult to understate the level of resources that criminals, including those doing the work of nation states, are mustering in an attempt to compromise bank networks. It requires not only solid information technology resources but also diligence by everyone to keep the bank secure.