Like many other businesses, banks are migrating to the cloud. This brings innumerable advantages, from increased efficiency to instant account access for customers.
However, it also brings the danger of increased vulnerability to cybercrime. While cyber-attacks have increased vastly in all sectors during recent years, this is particularly acute in the financial sector — a 238% increase during the first half of 2020, according to Vmware.
Migration to the cloud in the financial sector has been generally lower in Africa than in areas like Europe and North America. However, this is likely to change in the coming years, which will expose African banks to both the benefits and risks of the cloud.
Cyber attacks come in many different forms, meaning your security needs to be spread over a broad front. That makes it essential to have a suite of cyber security that can deal with every type of threat. Fortunately, that’s exactly what our partner Utimaco supplies.
What Are the Main Cyber Security Threats to Banks?
Phishing Attacks
Phishing attacks are most commonly made via email, with links and attachments the means of infecting the system. Opening these will either release malware onto the computer, and from there throughout the network, or else install a website that harvests customer data.
Data loss can be expensive to a bank, both in terms of reputation and the possibility of large fines. This makes it essential to have your data encrypted, for example by Utimaco’s u.trust Data File, so that even with access to one or more computers, cybercriminals are blocked from sensitive data.
Ransomware
In its simplest form, ransomware locks the owner out of their data, making it difficult or impossible for them to continue trading unless they pay a ransom. However, if they refuse to pay — perhaps because they’ve taken the precaution of having the data fully backed up — the criminals may begin releasing sensitive data, such as customers’ details, on the dark web.
This would clearly be disastrous for a bank, often resulting in massive fines, or even prison for directors, as well as a widespread loss of confidence.
Vulnerabilities
While many cyber attacks are made by tricking your employees into supplying access, criminals will take advantage of any vulnerabilities in your systems. Recent examples of vulnerabilities affecting the financial sector have allowed cybercriminals to use:
- SQL Injections, allowing them to give your system instructions of their choice.
- Cross-Site Scripting (XSS) to bypass your access controls.
- Local File Inclusion (LFI), allowing them to take control of the server’s access logs.
- OGNL Java Inclusion, which can leave systems vulnerable to various attacks.
Distributed Denial of Service
Supply Chain Attacks
Most financial organisations use third-party vendors, who may have access to some of their crucial systems, such as payment portals. If the vendor has less-rigorous cyber security than the organisation itself, this may offer cyber criminals an easier route of access.
The European Union Agency for Cybersecurity has found that in 66% of supply chain attacks, the vendor either didn’t know they’d been compromised or else failed to report it. Such a failure not only makes it harder for a bank to defend against this route of attack but also potentially increases the damage and therefore the penalties imposed by regulators.
The best defence against this type of attack is to use zero trust architecture, which assumes all devices are hostile until proved otherwise. Utimaco’s solutions approach cyber security on a zero trust basis, making it more difficult for criminals to break into your systems, even with access to third-party vendors.
Utimaco Offers Robust Cyber Security Solutions for Banks
Utimaco’s solutions include:
- u.trust Data File, which provides role-based encryption of sensitive data, putting it beyond the reach of cybercriminals, even if they gain access to your systems.
- DiskEncrypt, which securely encrypts your hard drives, ensuring all your data is protected from any attack that gains access to your network.
- KeyBRIDGE TokenBRIDGE, which provides a complete solution with a built-in HSM, database and token management system, preventing access to your files from being compromised.
Astel Supplies Utimaco’s Solutions Throughout Africa
Utimaco is a leading supplier of cyber security systems for financial organisations in North America, Europe, Asia and other regions, but we’ve recently entered a partnership with them to resell their solutions throughout Africa.
Astel not only has access to the most up-to-date versions of Utimaco’s solutions but also fully understands the security needs of banks in Africa.
Get in touch with us to find out more about how Utimaco’s cyber security solutions can help you.