Experts share tools, tips to prevent bank data breaches

Data breaches are a massive issue for banks. How can they prevent them? One solution is maintaining better identity security.



by Bradley Cooper — Editor, ATM Marketplace

Data breaches remain one of the biggest issues for every industry, especially banks. They affect not just big banks, but also smaller banks and fintechs. Despite efforts to fix the problem, hackers continue to find ways to get around bank security and steal critical information from millions of customers.

Key examples

In June 2022, Flagstar Bank, based in Michigan, experienced a data breach that leaked Social Security numbers of nearly 1.5 million customers, along with other sensitive banking information, according to a blog post by UpGuard.

In March 2019, former Amazon Web Services software engineer Paige A. Thompson accessed a server storing Capital One's data to steal 100 million credit card applications going all the way back to 2005.

Another famous example is when Equifax failed to patch a vulnerability for its open source framework and didn't segment its ecosystem, so attackers were able to get into multiple servers. Once there, they found usernames and passwords in plain text. They were able to do this for months without detection, and when Equifax found out, the company waited more than a month to reveal the breach.

Security

As a result of all these events, financial institutions have made security a key component of their agendas. They largely do not have a choice, as data from SailPoint, an identity security company, revealed that 93% had faced a breach in the last two years, with the most common breach being ransomware/malware at 41%.

"One of the most striking statistics we saw in the State of Identity report was that 93% of respondents indicated that they have experienced a breach within the past two years. That's a pretty sobering number, and it underscores the fact that today's financial services institutions can't just focus on preventing attacks," Grady Summers, EVP of product at SailPoint, said in an email interview.

The causes

So how can financial institutions stop these attacks? Summers says that while stopping all of them is impossible, there are a few tools financial institutions can utilize. But first, they need to recognize the key causes of breaches, such as "poor cyber hygiene," which includes aspects such as weak passwords, failure to install patches and lack of training for detecting phishing emails.

"These [causes] can be included under the umbrella of the third cause, which is poor identity security. Financial institutions need to keep a particularly close eye on their identities — how they are being used, what information and systems they have access to, and where they are logging in from, among other factors. The ability to detect when an identity is behaving suspiciously can help minimize the damage from breaches caused by social engineering attacks and poor cyber hygiene," Summers said.

Identity security

With identity security, Summers said it is key to manage permissions within organizations so that even if a hacker gets a hold of login credentials, banks can limit the damage.

"It's not just about preventing attackers from getting their hands on identities, it's about limiting what they can do with them," Summers said. "For example, overprovisioned identities that have access to more systems or data than they actually need to perform their job functions pose a real risk, because an attacker who gains access to that identity could cause significant damage."

To prevent this, Summers said banks need to limit users' permissions to only what is essential to their job function.

"For example, if an attacker compromises a sales rep's identity, they won't also be able to access, say, human resources databases or payroll systems. So while any compromise is unfortunate, the more you can do to avoid widespread impact as a result of a breached identity, the better."

On the prevention side, Summers said it is key for employees to be able to recognize phishing attacks so they are less likely to fall for them. But if they do make a mistake, they also need a way to report it without fear of losing their job.

"Not only does this allow the organization to act quickly to remediate the potential damage, it can provide insight on which phishing tactics are most successful and allow them to adjust their training programs appropriately."

Automation tools can also play a role in building up secure lines of defense.

"Automation and AI are powerful technologies that can help deliver strategic benefits. First, it can be leveraged at enterprise scale to build effective controls and strengthen first, second, and third lines of defense," Sanghosh Bhalla, assistant VP and senior consulting principal, Banking and Financial Services, Cognizant, said in an email interview. "Second, it can enable operational resiliency in the system to fight against financial crime and maintain compliance with never ending changes in regulations. Third, it can help build customer intelligence to deliver personalization and drive relationship primacy."

Conclusion

Lastly, to tie all this together, Summers recommends banks have an identity security solution in place that can detect suspicious behavior. Banks should also pick solutions that can provide insights into what permissions are appropriate for each role to create the most secure environment possible.

"You can't stop 100% of attacks, but you can limit the damage," Summers said. "Financial institutions will always be a target for attackers, but focusing on improving identity security can help ensure that a single compromised identity won't be the downfall of an entire network."


Bradley Cooper

Bradley Cooper is the editor of ATM Marketplace and was previously the editor of Digital Signage Today. His background is in information technology, advertising, and writing.
