The financial services industry is consistently among the most highly targeted industries for cyberattacks. Financial services institutions (FSIs) are a popular and frequent focus of attackers because, to quote famed bank robber Willie Sutton, when asked why he robbed banks: “That’s where the money’s at.”
There has been a marked increase in the number of phishing attempts on bank customers. These phishing attacks typically attempt to steal online banking credentials, download malware such as keyloggers onto customer devices, and more. But, there has also been a significant increase in phishing attacks on banks and FSIs themselves, particularly for employee credential theft. Because, once an employee’s credentials have been stolen by an attacker, they have the ability to access customer information, employee data, even finances.
Among the most common cyberattacks perpetrated on FSIs continue to be phishing attacks, watering hole attacks, drive-by exploits, and, of course, ransomware.
Many large, national and international FSIs experience upwards of tens of thousands of cyberattacks daily. And, any successful cyberattack on an FSI can conjure fear, uncertainty and doubt in its customers and in the market.
So, there is a great deal of pressure on FSIs, their senior management, and especially on their security and IT teams to ensure that those thousands or tens of thousands of attacks are unsuccessful, or else there can be a loss of customer confidence, business reputation, stock value, and even fines by federal, state, and local government and regulatory agencies. That all can lead to lost security and IT, even C-level, jobs.
With the frequency of cyberattacks against FSIs, it’s clear that legacy security solutions that claim they can block up to 99.9 percent of cyberattacks are woefully inadequate. Because, all it takes is a single employee or contractor in just one bank or FSI branch office to open an email from an unknown source, download a file from a compromised website, or in any other way fall victim to a cyberattack.
So, it’s time to abandon the detection approach. A new approach is needed, and that new approach is isolation.
An isolation platform can prevent these attacks by dramatically reducing user device attack surface. Isolation protects employees and contractors from phishing and spear-phishing, web-borne malware, credential theft, drive-by exploits, watering hole attacks, and more, while not interfering with the user experience, and even in some cases enhancing it.
Download this Best Practices Guide to Isolation, which is intended to provide banks and other financial services organizations with the best practices for selecting and deploying an isolation platform for web, email, and documents, consolidated from hundreds of successful customer environments and deployments.