Technology has brought us online and mobile banking to make managing your funds and paying at registers a breeze, but they also act as a major threat to the security of banks everywhere. According to a report from the Identity Theft Resource Center, “The cost to a financial institution facing a cyber attack specifically targeting their online banking services costs an average of $1.8 million.” CEO of JPMorgan Chase, Jamie Dimon recently stated that he believes cybersecurity is the biggest threat to the financial industry.
No Stranger to Cyber Attacks
Dimon knows what he’s talking about as Chase suffered a cyber attack in June of 2014. Hackers in this breach were able to access sensitive data including usernames, addresses, phone numbers, and email addresses of over 76 million households and 7 million small businesses.
Hackers obtained a list of applications and programs that were on the JPMorgan computer system and checked for the vulnerabilities in each program to find an entry point for the attack. This cost Chase over $1 billion, though at the time, they had already spent $250 million on cybersecurity annually.
Largest Cyber Threats to Banks
The majority of banks keep all of their customer’s information on computer networks. While this makes storage much easier, it also poses more security risks. There are a variety of security threats to financial institutions such as:
- Unencrypted data
- Backdoor and Supply-Chain Attacks
- Employee attacks from within
With mobile banking apps becoming the norm for everyday financial transactions, people’s personally identifiable information (PII) is more vulnerable than ever. Alissa Knight, an ex- black hat hacker who works for Aite Group’s cybersecurity team, was recently interviewed about her findings regarding mobile banking.
The results of the study did not give bankers peace of mind. Knight found that many apps for top retail banks, stock trading, and even car insurance were hard coding private keys into their app. Additionally, there was no certificate pinning, which allows for secure connections within the app without relying on the security of a device.
Knight explains that companies do not understand the vulnerabilities behind not shielding their code and protecting their API (Application Programming Interface). While many companies struggle to protect their information, JPMorgan Chase has bounced back from their attack by investing $600 million a year in an effort to protect themselves from cybercriminals.
Doing What It Takes to Stay Secure
Dimon wrote in his annual letter to the shareholders of JPMorgan that the company remains devoted to protecting the privacy of its customers. He says, “…the financial system is interconnected, and adversaries are smart and relentless – so we must continue to be vigilant.”
In a 2016 study by the Identity Theft Resource Center, 28% of respondents left their bank because of unauthorized activity on their accounts. Chase is currently inventing new products to make it easier for customers to know where their data is sent once they give permission for it to be used. While they are taking initiative, Dimon says the government needs to do more.
“It is imperative that the U.S. government thoughtfully design policies to protect its consumers and that these policies be national versus state-specific,” Dimon says. While each state currently has its own laws, there is a definite outcry for nationwide regulations
Ensuring Security and Retaining Customers
Due to the mass amounts of data and money that a financial institution carries, they are constantly at risk for hacking. Our SecureDrives can be easily introduced into any banking operation to ensure security. The SecureDrive KP can only be unlocked using the unique PIN and with military-grade hardware encryption, it successfully eliminates any chance of a data leak.
The SecureDrive BT is unlocked using the app on a mobile device. On iOS devices, it even offers convenient and secure Face ID and Touch ID authentication. The drive offers remote management features to allow for geo and time fencing as well as remote wipe. An ideal feature for businesses is the admin’s ability to see a log of who accessed the drive and when. If a disgruntled employee leaves the company, a banker can simply force a password reset to prevent the user from accessing sensitive company data.