3rd Party Risk Management , Finance & Banking , Governance & Risk Management

Poor Security Practices Put Banks at Risk of Cyberthreats

Neovera CEO Scott Weinberg on Passwords, Vendor Risks and Social Engineering
Scott Weinberg, CEO, Neovera

Despite heavy security investments, banks still struggle with basic security issues such as default passwords, vendor vulnerabilities and social engineering scams. But even large banks that have built strong defenses grapple with these common risks, said Scott Weinberg, CEO at Neovera.

See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities

Citing a Neovera report released Wednesday that surveyed 350 regional and community banks, Weinberg pointed out a concerning statistic - 26% of banks still use blank or default passwords, making it easy for attackers to gain unauthorized access to sensitive systems.

"We've seen default passwords, unpatched systems and even a lack of segmented networks at larger banks," Weinberg said adding that the challenge of password management is "exacerbated by the complex IT ecosystems" that banks rely on.

Another challenge: Working with multiple vendors and integrating a wide range of systems, which can lead to operational inefficiencies that hinder password enforcement. "We've seen cases where retail security equipment was used, which is not built for enterprise systems. If these devices are visible on the network, hackers will exploit them," he warned. To address this, he recommends robust password managers and strengthening oversight of third-party systems.

The report also found 33% of banks remaining vulnerable to social engineering scams, particularly phishing. Traditional tools and controls can't prevent social engineering scams, so it's important for financial institutions to conduct continuous and comprehensive staff training to help employees recognize and respond to social engineering attempts.

In this video interview with Information Security Media Group, Weinberg also discussed:

  • The security risks posed by outdated protocols that aren't properly isolated within banking networks;
  • The impact of complex IT infrastructures and vendor management on cybersecurity efforts;
  • The role of social engineering tactics in bypassing both digital and physical security defenses.

Weinberg established Neovera in 2001 and continues to oversee growth, upholding Neovera’s mission by leading strategic direction and partnerships and promoting company culture. His previous experience included IT enterprise architecture consulting in the financial services and telecommunication industries.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.