Cybersecurity and Banking: 3 Trends to Watch in 2019

Banks have always been at the forefront of enterprise cybersecurity. Their enormous stores of cash and consumer data have made them a top target for hackers, and the threat of financial losses, regulatory consequences, and reputational damage has spurred them to innovate and accelerate the field of cybersecurity.

However, the intersection of cybersecurity and banking can feel like battling the Hydra. As soon as one vulnerability is addressed, another one is created. Combine this with the increasingly diverse ways consumers are interacting with their money, and you’ve got a recipe for something disastrous.

Let’s take a look ahead at three trends that are likely to play a role in 2019’s biggest banking security headlines.

1. Mobile Apps and Web Portals will Create More Security Risks.

As consumers continue their long slow march away from cash, banks are becoming more heavily invested in mobile and web-based services that facilitate payment and transfers. However, these applications are creating new vulnerabilities that banks will have to address.

Zelle is the perfect example. The big banks’ competitor to Venmo was used to transfer about $75 billion in 2017; according to the New York Times, the application has had a lot of issues with fraud. Some banks are reported to be experiencing up to a 90% fraud rate on Zelle.

But fraud, while harmful, isn’t always a result of cybersecurity issues. However, banks’ mobile applications do have a multitude of issues that introduce cybersecurity risk as well.

A 2018 study from Accenture reported on the cybersecurity of 30 major banking applications. All 30 apps had at least one known security risk identified, and 25% of them included at least one “high-risk security flaw.” Their vulnerabilities included insecure data storage, insecure authentication, and code tampering.

And it’s not just mobile where banks are seeing problems with software. Their web-based banking applications have also been shown to lack security, with one report calling the financial sector the “most vulnerable to attack” of all the industries tested. According to these researchers, every financial site they tested contained at least one high-severity vulnerability.

It’s unclear whether this will pose a major problem for banks in 2019, but one thing’s certain — people aren’t going to go back to cash transactions and weekly visits to their local branch. If banks want to keep up with consumer behavior while avoiding a major attack, they’ll need to update their web and mobile cybersecurity practices.

2. Third Parties will Continue to be a Target.

In the last decade, banks have poured countless resources into protecting their own networks and systems from cyber attack. As a result, hackers have looked elsewhere for points of entry — and when they’ve found them, they’ve gleefully exploited them.

As we reported previously, major banking cyber attacks have been caused by vulnerabilities in shared banking systems and third-party networks. The 2017 Scottrade data breach, for example, was caused by a professional services vendor. One of the most notable third-party beaches occurred in 2016, when hackers stole $81 million from Bangladesh Bank by exploiting a vulnerability in a shared banking system called SWIFT.

security ratings snapshot example

Request your free Security Rating Snapshot to find the gaps in your security program and how you compare to others in your industry.

Get Your Rating
Button Arrow

Banks have not been impervious to the decentralization of IT that has affected most enterprise businesses. As organizations become increasingly reliant on third-party vendors for their day-to-day operations, these vendors must be continuously monitored for cybersecurity vulnerabilities. Lack of awareness in regards to third-party security could cost banks millions in 2019.

3. Cryptocurrency Hacks will Keep Big Banks on their Toes.

2018 saw cryptocurrencies like bitcoin and ethereum transform from a fringe interest to a mainstream investment. In less than one year, the value of a single bitcoin went from under $1,000 USD to nearly $18,000 USD.

True believers in cryptocurrency think it should replace the global financial system, and they typically cite “security” as a reason why. Some analysts have even recommended that moving your money to a crypto wallet is a good strategy to avoid losing it in a bank hack.

However, those who have been paying attention know that cryptocurrency exchanges have had some major hacks of their own. The most famous was probably the 2014 hack of Mt. Gox, during which attackers stole 850,000 bitcoin (worth about $7 billion as of July 2018). However the largest crypto hack in history actually occurred this year, when Japanese crypto exchange Coincheck got drained of NEM coins worth about $534 million.

Now, big banks are starting to dip their toes in the crypto waters, with one in five financial firms saying they might start trading cryptocurrencies by mid-2019. It’s possible that the involvement of major institutions will shore up the security of the crypto industry — but if the past is any indicator, extreme measures will have to be taken to ensure the security of these digital currencies.

Banks have a responsibility to keep their customers’ funds safe from cyber criminals, and that challenge is on track to become even more difficult in 2019. We’re not sure what stories we’ll see from the financial sector next year, but as the CISO of the Federal Reserve Bank of New York put it, “Something will happen, without question.”

How much do you really know about third-party vendor risk management? Download our ebook to find out.