BID Daily Newsletter
September 08, 2017

Analyzing Online Banking & Cyber Risk

A Bloomberg analysis of transcripts from company earnings calls and other corporate events for the most recent quarter shows the top 3 things executives are most worried about. It finds the term Amazon was mentioned the most by far. Over the past 90 days in the analysis, Amazon was mentioned almost 400% more often (635x) than President Trump in second position (at 162x) and wages in the third position (at 111x).
No matter how often you mention things at your bank, bankers as an industry talk a lot about cybersecurity risks. That is because these risks are scary and a security breach can be very costly too.
For instance, a recent Kaspersky Lab report on the financial sector puts a figure to this issue. It finds a cybersecurity incident involving a bank's online banking services costs the bank $1.75mm on average. That's 2X the price of recovering from a malware incident, which costs as much as $825k on average.
According to Kaspersky, 61% of cybersecurity incidents affecting online banking pile on extra costs for the targeted institution. These extra expenses include data loss, reputational loss and confidential data leakage, among other things.
Certainly, the dollars involved in cleaning up cybersecurity attacks aren't trivial, which underscores the importance of banks implementing appropriate measures to ward off potential trouble.
Distributed denial-of-service (DDoS) attacks are becoming more prevalent, powerful and costly for banks. Earlier this year, for instance, Lloyds Banking Group came under a DDoS attack that hampered access to its online banking services for about two days, according to published reports. Banks in South Korea have also recently been threatened with DDoS unless they pay several hundred thousand dollars in bitcoin.
These attacks are typically designed to immobilize banking websites. The report shows that when organizations are attacked by DDoS, customer-facing resources suffer more in banking than in any other sector. A notable 49% of banks that have suffered a DDoS attack have had their public website impacted vs. 41% of non-financial institutions. What's more, 48% of banks have had their online banking services affected when targeted by DDoS.
Despite the high occurrence rate, the report also shows that banks aren't placing as much emphasis on warding off threats from DDoS as they are on, say, malware and targeted attacks. This is true even though DDoS is more costly to recover from than a malware attack. The report found that a single DDoS incident can cost a financial institution $1.17mm.
To be sure, there is no magic bullet to ward off cyberattacks of any sort, but that doesn't mean banks shouldn't take proactive steps. There are several best practices to follow.
For instance, it's important to locate servers in different data centers and ensure those centers are on different networks.
What's more, certain types of attacks have been around for a long time, so continually update patches and hardware.
Another good idea is to scale up your network bandwidth and identify outsourcing partners who specialize in responding to attacks, so that you have extra support.
No bank wants a problem when it comes to cybersecurity because the stakes are simply too high. The benefit of better securing your systems, remaining diligent and continually educating and adapting your teams and company far exceeds the price you'll pay should a breach occur.
Now may be the time to shore up your system against any such attacks before they happen. At least then you can start to mention it in your earnings calls.