3rd Party Risk Management , Finance & Banking , Governance & Risk Management
Poor Security Practices Put Banks at Risk of Cyberthreats
Neovera CEO Scott Weinberg on Passwords, Vendor Risks and Social EngineeringDespite heavy security investments, banks still struggle with basic security issues such as default passwords, vendor vulnerabilities and social engineering scams. But even large banks that have built strong defenses grapple with these common risks, said Scott Weinberg, CEO at Neovera.
See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities
Citing a Neovera report released Wednesday that surveyed 350 regional and community banks, Weinberg pointed out a concerning statistic - 26% of banks still use blank or default passwords, making it easy for attackers to gain unauthorized access to sensitive systems.
"We've seen default passwords, unpatched systems and even a lack of segmented networks at larger banks," Weinberg said adding that the challenge of password management is "exacerbated by the complex IT ecosystems" that banks rely on.
Another challenge: Working with multiple vendors and integrating a wide range of systems, which can lead to operational inefficiencies that hinder password enforcement. "We've seen cases where retail security equipment was used, which is not built for enterprise systems. If these devices are visible on the network, hackers will exploit them," he warned. To address this, he recommends robust password managers and strengthening oversight of third-party systems.
The report also found 33% of banks remaining vulnerable to social engineering scams, particularly phishing. Traditional tools and controls can't prevent social engineering scams, so it's important for financial institutions to conduct continuous and comprehensive staff training to help employees recognize and respond to social engineering attempts.
In this video interview with Information Security Media Group, Weinberg also discussed:
- The security risks posed by outdated protocols that aren't properly isolated within banking networks;
- The impact of complex IT infrastructures and vendor management on cybersecurity efforts;
- The role of social engineering tactics in bypassing both digital and physical security defenses.
Weinberg established Neovera in 2001 and continues to oversee growth, upholding Neovera’s mission by leading strategic direction and partnerships and promoting company culture. His previous experience included IT enterprise architecture consulting in the financial services and telecommunication industries.