{Cyber Attacks:} plantemoran.com. Is your bank at high risk?

Transcription

1 {Cyber Attacks:} plantemoran.com Is your bank at high risk?

2 Large financial institutions continue to make the front page in the ongoing onslaught of cyber attacks.

3 Large financial institutions continue to make the front page in the ongoing onslaught of cyber attacks. However, small and medium-sized banks and credit unions may be just as vulnerable, if not more so. Due to smaller budgets and limited personnel wearing multiple hats, resources that are already stretched thin due to ever-increasing regulatory requirements make it even more difficult for these institutions to invest the same level of diligence as larger institutions. Yet, even with the increased level of security and regulatory scrutiny, we ve seen the big banks continue to fall victim to these recent attacks. Enter the FS-IAC Financial Services Information Sharing and Analysis Center (FS-IAC) was established by the financial services sector by Presidential Directive 63 in That directive mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure. FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber-threat alerts and other critical information to financial institutions. This information includes analysis and recommended solutions from leading industry experts. In addition, the center is constantly gathering reliable and timely information from financial services providers; commercial security firms; federal, state, and local government agencies; law enforcement; and other trusted resources. On September 19, the FS-ISAC issued an alert notifying U.S. financial institutions that they re now at high risk of cyber attacks. The advisory issued by the FS-ISAC included a warning that a known flaw in Microsoft s Internet Explorer had been the cause of some exploits. Microsoft has since issued a patch for the zero-day vulnerability. 1

4 Financial Institutions Are at High Risk What Does This Mean? The FS-ISAC classifies financial sector threats surrounding cyber threats and physical threats. The alert levels range from low, guarded, elevated, and high, all the way up to severe. Currently, the cyber threat is high, whereas the physical threat is at elevated. What does this mean? There s a high risk of cyber attacks. Issues of concern include recent credible intelligence regarding the potential for denial of service (DDoS) and other cyber attacks against financial institutions. Members should maintain a heightened level of awareness and apply all appropriate updates, particularly for the Microsoft out-of-band bulletin for Internet Explorer and Cisco security advisory releases. The Current Climate Bank of America, JP Morgan Chase, Wells Fargo, and PNC have all experienced periodic website outages in recent weeks. Though sources for the banks have been fairly tight-lipped about the cause for the outages, many are speculating the outages are due to malicious attacks such as DDoS and zero-day exploits. A zero-day attack is an attack that exploits a previously known vulnerability in an application, meaning that developers have had zero time to address and patch the vulnerability. The group identifying itself as Izz ad-din al-qassam Cyber Fighters has claimed responsibility for some of the attacks, according to betabeat.com. DDoS attacks seek to disrupt computers, networks, and websites by overwhelming the target with endless traffic. They can prevent legitimate communication between internal and external network traffic. PNC experienced this type of attack, which left its customers unable to access its website for an extended period of time. The banks have all struggled with the inability to serve customers through their online and mobile banking channels as a result of these recent malicious attacks and more cyber attacks are possible to occur. Banks should be taking precautions. Bring-your-own device and remote-access employees should be an institution s highest priority. The amount of malware attacks could be significant. Also, security-awareness training should be completed as soon as outbreaks have been reported. Banks should advise employees to keep an eye out for any unusual activity and phishing s. Bank employees should never click on any links from s or give out their usernames or passwords. 2

5 Ensure Your Institution Isn t the Next Victim The Federal Bureau of Investigation, Financial Services Information Sharing and Analysis Center, and Internet Crime Compliant Center offer helpful recommendations to assist in mitigating this online risk. Several notable recommendations are listed below: System Hardening Windows & application patches. Remember to keep your systems up to date on critical and high priority application patches, including the recent Microsoft releases that are distributed on Patch Tuesday. Also, ensure antivirus updates are occurring regularly. Security software and hardware. Intrusion prevention and detection systems and security applications such as antivirus and security suites add layers of security to your network. These layers help prevent or, at the very least, delay an attacker from disrupting your network. If the attacker is successful, many security appliances and applications offer an automatic notification in the event of intrusion. Internet browser security. According to the United States Computer Emergency Response Team, one of the most important things you can do to protect yourself from vulnerabilities is to secure your internet browser. This is one time where less is not more. A good practice is to provide only the authorizations and services required to perform their duties. A few changes that you may want to consider in order to secure your browser are: Set the Internet and local intranet security zones in Internet Explorer to high. Disable ActiveX controls and Active Scripting from running automatically. Override automatic cookie handling. Consider using alternate web browsers in the event known vulnerabilities exist in your default browser. Visit the website for your internet browser provider to get additional tips on securing your browser. Restrict web browsing from PCs used by the institution for wire and ACH transactions. 3

6 Implement dual approval for wire transfers that exceed a specified amount. Remove instructional manuals from online access. Limit employees ability to remotely access internal networks and work-related s from personal devices. Education Be aware and cognizant. Communicate with other financial institutions and industry associates to stay on top of emerging fraud trends and schemes. Educate employees. Train employees about the importance of securing sensitive information. Advise employees to keep an eye out for any unusual activity, and offer tips on how to identify a phishing and what to do if they receive any phishing s. Train employees to recognize social engineering attempts and to never give out their usernames and passwords. Monitoring Event logging and reviews. Regularly review system events for attempted malicious attacks. Monitor employee log-ins for suspicious file access or log-in times. Monitor site traffic spikes, which could indicate a DDoS attack. Policies, Procedures, and Action Test your controls. If in-place controls aren t tested regularly, there s a good chance that those controls are ineffective. Regular internal and external vulnerability tests as well as penetration testing by an independent third party will help your organization identify possible weaknesses. Know what s at risk. Review your information technology risk assessment and understand the flow and location of your sensitive data. Are additional controls needed to manage the increased risks associated with frequent targeted malicious attacks? Lead from the top down. To be effective, security must be the responsibility of all employees. Dust off your Incident Response Plan. Make sure your organization has a plan for responding to a malicious attack. Prevention Is Key Cyber attacks aren t going away; in fact, they re only becoming more sophisticated. It s important that financial institutions do what they can to prevent these attacks from occurring. For more information, contact one of the authors. (Jennifer Whiteside, Angela Arnett-Corson, Jenny Trotta) 4

7 october 2012 The Authors Jennifer Whiteside Angela Arnett-Corson Jenny Trotta

8 plantemoran.com