Criminals are increasingly becoming more sophisticated and using a wide range of tactics to steal money from financial institutions, forcing banks to fight back with more layers of security.
To help financial institutions keep up with attackers' evolving tactics, IronKey unveiled a multilayered online banking security platform that allows IT departments to roll out different levels of security for various customer segments, the company said Sept. 7.
Instead of IT departments investing in different tools to provide varying levels of security controls for business customers and consumers, the IronKey Trusted Access Platform will help banks roll out a mix of controls, such as a secure browser, out-of-band authentication, smartphone applications, secured portable devices and data analytics, Kevin Bocek, director of product marketing at IronKey, told eWEEK.
Cyber-crime has been around awhile, but attackers have started zeroing in on bank customers with phishing attacks only within the last 10 years, according to Dave Jevans, chairman of IronKey and the Anti Phishing Working Group. Financial institutions are scrambling to ensure their systems are secure and that they don't become the next data breach victim.
Attackers also have the luxury of switching targets. If they can't break into the financial institution's networks or trick the employees, they will take the "path of least resistance" and simply target the customers through spam and phishing emails, he said.
Attackers have shifted from targeting random users at a financial institution to going after individuals with corporate accounts, the ones with authority to transfer funds, Jevans said. It's no longer just about credit card numbers or PayPal accounts, according to Jevans. Cyber-criminals are interested in targeted attacks, and it's an "inevitable next step" that the next victims will be individuals with millions in assets, people with control over various accounts, such as traders.
A "whole generation" of crimeware kits has evolved rapidly over the past 18 months, Jevans said, as malware developers roll out monthly updates to the development toolkit and sell extra add-ons to the software. Many of the developers are professional malware writers, and in many countries, it's not illegal to develop this kind of software, Jevans said. Using it is against the law, of course.
Security is all about risk assessment, and security managers are "thinking, 'What's the right level of security for my customers?'" Bocek said. Larger banks may want to define more customer segments, based on the size of assets or even by region, while smaller institutions may just have two segments, he said. Regardless, attackers are going after financial institutions of all sizes, so it was important to consider multilayered approaches to security, according to Bocek.
This article was originally published on 09-08-2011