Bank robbery has been happening as long as there have been banks. But today’s robbers use keyboards instead of pistols and ski masks.
The biggest bank heists aren’t a single hacker emptying your granny’s bank account from his basement. Cyber-attacks are highly organized, systematic, and brutal.
Imagine a massive bank that holds the commercial loans of thousands of small businesses. Now imagine what would happen if a terrorist simply deleted all that data. The panic and chaos that would follow is hard to fathom.
While banks have done a good job preparing for computer failures from things like natural disasters or power outages, large scale cyber-attacks are much harder to counter.
Why the security you have likely isn’t enough
Most banks spend a massive part of their budget on cybersecurity systems. They put up firewalls and create multiple backups. These are good measures, but are they enough?
If all it takes are the right credentials to access the backups they can be deleted or corrupted just as easily as the original files. Hackers are routinely successful accessing credentials. According to a report conducted by Positive Technologies published in Computer Weekly, “employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form.”
What can banks do to protect their data?
- Start by identifying business-critical data. Segment your network to wall off this data with extra layers of protection.
- Disburse your backups – use a combination of synchronous and asynchronous backups, cloud and offline storage.
- Employ write-once storage that cannot be corrupted or deleted.
- Use physical lock-and-key systems to protect offline backups.
- Rigorously monitor, test, and recalibrate systems as needed. IT systems are routinely updated and upgraded. Make sure your security patches are also being updated.
In today’s world of digital convenience, it pays to be ready for digital catastrophe.