Infographic: Why Information Security is Important for Banks

Social Engineering Attacks Against Banks

In an industry study, 90% of those successfully exploited during an unauthorized facility entry trusted the intruder because they thought she worked for their company. (CSO)
Over 28% of phishing attacks detected in 2014 were against banks, payments systems and e-commerce companies. (Kaspersky Lab)

Why banks need information security options

Highly organized hackers use LinkedIn, company websites and other resources to identify executives, accounting employees and others who could be high-value targets. Social media lets them craft highly personal attacks using names of acquaintances, actual travel plans, etc.  

TIME IS OF THE ESSENCE: 50% of opened and clicked phishing emails happen within the first hour, leaving little time for an effective response. (DBIR 2015) A system is only as safe as the people controlling it.
$52,000 - $87,000 is the forecasted range of an average loss for a breach of 1,000 records. (DBIR 2015)
$259 is the average cost of each record exposed in the financial industry. (IBM)

Improving Your Information Security Program
IT Audit

An IT Audit should meet more than just your compliance requirements. It needs to review how your security controls are designed and implemented, while providing insights to potential gaps in your process or procedures. This practice improves the effectiveness and efficiency of your business security.

Vulnerability Scanning

A vulnerability scan is a tool used for finding the weaknesses in your computers, devices, networks and applications. Scans are often performed monthly to search for cracks in your security armor.

Penetration Testing

A penetration test is an ethical version of hacking your business. It is used to identify exploitable vulnerabilities, find potential data leakage and assess the effectiveness of your company’s security program.

Social Engineering

Pretexting Phone Calls

Using a phone call to solicit information or setup an employee to be more receptive to a future attack.

Phishing Emails

Sending an authentic looking email in attempt to steal personal and/or financial information.

Unauthorized Facility Entry

Entering a facility without permission to discover what a non-employee has ability to access.

Dumpster Diving

Searching in a facility’s dumpster for private information that could be used in a malicious attack.

Security Information & Event Management

Security Information and Event Management, or SIEM, involves collecting network and device logs in a centralized environment in order to correlate, consolidate, identify, analyze, alert and report security incidents.

Breach Investigation & Incident Response

In a breach investigation, it’s imperative that expert guidance with experience in data recovery and preservation of evidence is provided to prevent spoliation of evidence.

Information Security Consulting

At HBS we understand the unique demands of the banking industry. The members of our knowledgeable team have been providing information security services to banks for the past decade. We have served organizations ranging in size from the largest national banks to the smallest community banks across the country. Our services help banks fulfill IT compliance regulations as well as strict information security goals.

Kaspersky Lab - https://securelist.com/files/2015/02/KSN_Financial_Threats_Report_2014_eng.pdf
CSO - http://www.csoonline.com/article/2864598/security-awareness/the-2015-social-engineering-survival-guide.html
2015 Cost of Datat Breach Study
Verizon 2015 Data Breach Investigation Report (DBIR)