Data breaches negatively affect a financial institution’s bottom line. But even worse and harder to recover from is the damage to your brand. It’s an arms race between bad actors and the threats they have in their arsenals versus a financial institution and the defenses they have in place—and the balance is in constant flux. The prize the attackers are after is worth it and extremely valuable: customers' personally identifiable information (PII).
DDoS attacks now represent a whopping 41% of all threats reported at financial institutions. And if successful, they take the “services” out of financial services. Common impacts include customers suddenly being unable to access banking apps for core services, slowing your network to a crawl, and even taking you offline entirely.
DETECT by having a way to quickly compare with normal network traffic–knowing what an attack condition looks like.
STOP by using IP blocking based on content, geolocation, and traffic rate.
Security incidents at financial sercices organizations, as reported to the F5 Security Incident Response Team
Brute force and credential stuffing attacks are the holy grail for bad actors and do the most damage: customer takeovers and account lockouts.
Prevent via strong password policies and multi-factor authentication (MFA).
Stop via early detection and identifying increases in failed logins.
The good news is, web attacks are actually decreasing, and represent just 9% of the current security threats to financial institutions.
Prevent via keeping up to date on patches for web apps and related technologies and conducting penetration tests against web applications.
Detect using a web application firewall (WAF) for web protocol inspection.
Given the enduring prevalence of the attacks listed above, it’s not surprising that most of the targeted tech involves some kind of authentication technology, whether that’s login pages, APIs, or Anonymous File Transfer Protocols (AFTP). Websites and DNS are both susceptible to attack either via the exploit of vulnerabilities or DDoS, so it’s not possible to tell how those vectors map to these targets.
Compared with other sectors, the banking industry tends to place greater importance on substantive and overarching cybersecurity programs. Still, it faces many of the same challenges that other industries do when it comes to building and maintaining security programs in the face of both attacker trends and entropy.
Learn about the security solutions F5 offers for financial services to help you minimize both risk and cost.
Find out more