Top 3 Security Risks to Banks

Hacktivists, Mobile Banking Pose Increasing Concerns

By , March 19, 2012.
While incidents of ACH- and wire-related fraud continue to plague the banking industry, Joe Rogalski, the information security officer for New York-based First Niagara Bank, says other risky financial transactions and channels are posing growing concerns.

Hacktivism is changing the threat landscape for financial institutions. Groups like Anonymous are increasingly targeting big banks, and their attacks are not always financially motivated. "We're starting to look at that stuff more closely, how we can defend against it and what we can do," he says.

Community banks and credit unions have, by and large, been sheltered from hacktivists' wrath. But Rogalski says that's likely to soon change, as the pool of hackers who claim to be part of the hacktivist movement continues to grow and dilute.

All banks and credit unions need to prepare themselves for that reality.

"What customer records can be exposed?" Rogalski asks. "Can your website be defaced? Can it be taken down?"

The adoption of mobile banking is posing new threats, too, as is the advent of the so-called bring-your-own-device movement.

"Senior management is concerned about data loss, but they're really also pushing the use of iPad and i-devices," Rogalski says in an interview with BankInfoSecurity's Tracy Kitten [transcript below].

Although the risks continue to evolve and change, Rogalski says financial institutions are being proactive when it comes to ACH and wire fraud. "It's still the No. 1 issue in the industry and it's not going away."

Rogalski recently took part in a peer-to-peer discussion at RSA Conference 2012, where he addressed risks and program challenges institutions face when battling emerging risks with security concerns from traditional channels.

During this interview, Rogalski discusses:

  • Emerging technology risks, such as those posed by near-field communications and mobile wallets;
  • Why ACH and wire fraud continue to plague the industry; and
  • How senior management should address data loss concerns linked to website exposure.

Rogalski is the information security officer and first vice president of First Niagara Bank, a top 25 regional bank located in the northeast. Rogalski currently holds CISM and CRISC certifications. Rogalski has more than 18 years of experience in technology and security in a variety of technical and management positions. Before joining First Niagara, Rogalski led information security risk management for M&T Bank. Rogalski also frequently speaks about security, risk management and awareness with industry leaders and First Niagara customers.

Threat Landscape

TRACY KITTEN: Could you tell us a bit about the existing landscape and areas where you see financial institutions facing the greatest risks?

JOE ROGALSKI: The landscape has really changed for financial institutions over the last year with the emergence of Anonymous, and other hacktivist groups coming to light. The risk difference for institutions - it's not financially motivated anymore. Hacktivism is not financially motivated. It's more out for attention and to show the wrongdoings of institutions and people out there. That, along with malware involved in ACH and wire fraud continually evolving almost on a daily basis, the challenges are still there with that as well, but now we have this new breed coming in of Anonymous trying to deface our websites or expose our customer data.

Addressing Risks

KITTEN: How proactive have most financial institutions been, in your opinion, when it comes to adequately addressing and assessing some of those risks that you've talked about?

ROGALSKI: On the ACH and wire side, people are getting more and more proactive. We're trying to get out in front of the bad guys on that, and, like I said, it's a continual battle on a daily basis. As far as the hacktivism and that type of thing, it's really just starting to come to light now with Occupy Wall Street and Anonymous getting behind them and really going after FIs. I think we saw this with Bank of America when they proposed that debit card charge every month. They were attacked at that point, and so we're starting to look at that stuff more closely, how we can defend against it and what we can do, but slightly in front of it, not too far though.

Emerging Concerns
