Tamer Odeh, Regional Director at SentinelOne in the Middle East, speaks to Security MEA and highlights the various cyber risks banks face with the rising preference for digital banking, and also suggests solutions to stay safe while banking digitally.
What are your thoughts on the most recent findings on digital banking?
It’s great that the appetite for digital banking is on the rise in the UAE, with 76% of people preferring digital banking. However, with all the cyber threats that exist today, banks are more vulnerable than ever to becoming the next victim of a malicious cyberattack. It is important to remember to take precautions since cyber actors are targeting banking information. They use banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device. The trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app.
According to the researchers, the average person uses almost 200 online services that require passwords. With many users unaware of basic password security and many organizations failing to stop data breaches, it is highly critical for people to consider security factors such as using two-factor authentication when they are accessing their mobile banking services and making sure they’re using legitimate applications.
What are the types of cyber attacks that usually target banks?
A common type of cyber attack is ‘credential stuffing’, which targets personal data of banking customers through using credentials on stolen accounts. Through that, hackers can have access to user accounts using automated large-scale login requests. The information that hackers usually steal can then be leveraged by them to try to gain access to critical IT infrastructure.
Additionally, another way banks can encounter cyberattacks is through the cloud services that banks might have. Even though cloud services are useful in helping banks offset IT expenses, enhancing system uptime, and making sure that data is secure, there are some risks when it comes to customer data and security. With so much information stored on the cloud, particularly for the use of public services, cloud providers have become easy targets for malicious attackers looking to gain access to financial institutions.
Moreover, some of the most common ways cyberattacks occur are through phishing, which happens when an attacker deceives an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack.
Ransomware is also a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee.
Finally, one of the ways a cyber attack can occur is through exploitation in the Internet of Things. Even though most exploitation attempts come from software vulnerabilities, they can also begin from vulnerable pieces of hardware. This means that if employees’ devices or even routers in a bank are connected to an unsecured network, it can put an entire organization’s digital infrastructure at risk.
What can banks or bank users do to take extra precaution at a time when cyberattacks are increasing?
Banks should ensure they assess their cloud security by reviewing their cloud infrastructure and updating it, as well as monitor its security by using a vulnerability management tool to help automate threat detection and protect against potential threats before they become a problem.
Is there anything employees at banks can do to help in being more precautious with the cyber attacks?
Yes, increasing awareness among employees is highly important since prevention cannot be successful if employees are not able to detect illegal activities and respond immediately. Hence, banks should start training modules for their employees to enhance their security.
The implementation of training programs is also important in order to help their employees understand basic things they can do in order to prevent any attack from happening. Banks should also train their employees in anti-fraud measures for detecting irregular transactions in order to alert their customers and prevent potential losses. As part of the training, banks may include replications or case studies for cyber-attacks and/or case studies so that employees can understand the threats they are likely to face and are better equipped to react to cyber offences.