Banks still behind the eight ball with IT security
August 21, 2014

The financial services industry has been one of the more proactive players in the war on cybercrime over the past several years, but breaches are still becoming more commonplace with each passing year. Banks face a more difficult task than others in protecting information from breach and theft, especially because hackers target these firms so frequently and so many moving parts are in play.

For example, financial institutions have had to quickly adapt to the dramatically evolving demands and preferences of consumers, such as through the deployment of mobile banking applications to complement online and physical teller services. Consumers and business owners appear to be interested in a 360-degree view of their accounts, accessing them through mobile devices, desktop computers and much more. 

Because security gets trickier when a wider range of access points is in play, banks must ensure that they are taking a modern approach to the current ebb and flow of security. When the only protections in place are traditional passwords and credentials, it might be a sign that a security overhaul involving advanced identity and access management solutions is needed.

Deja vu
Bank Info Security recently reported that a case similar to the landmark trial between PATCO Construction and Ocean Bank several years ago has surfaced in Tennessee, where a firm has sued its financial institution because of fraud. As a reminder, the bank lost in the previous trial, with a high court stating that the institution failed to implement "commercially reasonable" controls to protect the accounts and data of its clientele.

According to the news provider, Tennessee Electric Company has sued TriSummit Bank to the tune of $278 million, which it believes was lost due to fraudulent automated clearing house payments conducted roughly two years ago. In many instances, it will be a matter of investigating the root cause of the breach, as well as what occurred in the time leading up to the event within both of the organizations' workplaces.

"Based on the information presented, this case does not have a situation where the customer failed to use a certain security procedure or refused a security procedure," security expert George Tubin told Bank Info Security. "The fact that the customer was infected by malware, which enabled this fraud, will not be viewed as something the customer did wrong. Anybody can get infected with malware, unless they're utilizing commercial-grade anti-malware software, which is usually only provided via the financial institution."

The source noted that it has yet to be seen whether this claim will land in a court, but asserted that the bank's best interests might be served through a settlement before the trial escalates. 

Behind the numbers
Back in May, the Ponemon Institute released its report on the global damages incurred following data breaches this year, revealing that the cost per victimized firm increased by roughly 15 percent in the preceding 12 months. The 2014 Cost of Data Breach Study: Global Analysis also found that the collateral damage associated with breaches was especially high among financial institutions, health care providers and pharmaceutical firms, as these entities were more likely to lose clientele.

In the modern financial services market, few commodities can compare to the value of trust among current and prospective clientele, especially as identity theft continues to become a more widespread and devastating crime in North America and overseas. More advanced, dynamic authentication solutions can often be used in place of traditional access management strategies to ensure stronger resilience to breach and theft.