The COVID-19 Impact: Why Community Banks must Upgrade their Cybersecurity

By Mr. Shomiron Dasgupta, Founder & CEO, DNIF NextGen Siem Platform

The COVID-19 crisis has affected more than 1.9 million people around the world and over 126,000 have lost their lives from the illness, according to the latest data from Johns Hopkins University. It has also brought numerous businesses to a virtual standstill. While businesses are trying to cope with the situation as best as they can, there’s another group of people that are looking at drawing massive gains from the ensuing panic and confusion — cybercriminals.

Banking and cyberthreats amidst COVID-19

Researchers have observed a rising trend: cybercriminals are increasingly targeting the financial services sector during COVID-19, with attacks on banks and other financial institutions accounting for 52% of all attacks! Evidently, the pandemic is serving as a potent tool for cybercriminals to sink their nails deeper into the banking and finance sector.

The unprecedented nature of the outbreak has bestowed hackers with two highly effective weapons for exploiting the unassuming user, namely fear and panic. There’s a growing trend of people wanting to consume as much information as possible about the pandemic. Cyber attackers are using this thirst for knowledge to their advantage, misguiding users to click on malicious links masquerading as COVID-19 advisories. As more Americans work remotely, the chances of them being connected over a highly secure network are slim, thereby leaving a lot of room for cybercriminals to gain access to business-critical data. According to a report by Carbon Black, to this end, attackers are using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, cryptominers, botnets, and ransomware.

Old foes – banking and cyber breaches

Statistics show that the increase in cyberattacks on banks and financial services is not new; cybercriminals have always known exactly how sensitive online banking data is. To give you a glimpse, the cost of cyberattacks in the banking industry has reached USD 18.3 million annually per company (Accenture). A recent report revealed that cyberattacks are 300 times more likely to hit financial firms than other companies (Market Insider). In fact, if experts are to be believed, a bank encounters around 85cyberattacks every year (around 7 every month) on an average, and at least 1/3 of these attacks are successful (Accenture).

In 2019 alone, there were 108 reported data breaches in banking, credit and financial institutions, that is, an average of 9 data breaches every month (Statista). In May 2019, one of America’s well known financial services providers suffered a data breach that compromised nearly 885 million files related to mortgage deeds. An American bank holding company specializing in credit cards, auto loans, banking, and savings accounts, disclosed a data breach in July 2019, which affected approximately 100 million individuals. In 2017, more than 147 million Americans were affected when hackers stole sensitive personal data, including names and addresses from a credit rating giant.

Community banks – their impact on the US financial system

Representing 97% of the banking industry and holding over 84% of the banking industry assets, community banks are quite crucial to not just the markets they serve but also to the overall economy. To put things into perspective, the US has over 11,000 registered banks (FDIC) and credit unions (NCUA) with a collective net worth over USD 19 trillion in assets, providing banking services to over 300 million Americans. Community banks, regional banks, and online-only banks vary significantly in size ranging from USD 2M in assets with one branch focusing on a single audience segment to larger organizations with over USD 100 billion in assets and focusing on multiple similar audiences across multiple states. Community banks have over 52,000 locations across the country and hold over USD 5 trillion in assets, and this is just the tip of the iceberg.

The thing about the US financial system is that it is highly interconnected, and it has been observed time and again that financial distress in one corner can cause almost the entire economy to crumble – case in point, the 2007-08 financial crisis. In fact, a recent report by The Federal Reserve Bank of New York (FRBNY) suggests that the impairment of any of the five most active U.S. banks due to cyber risk could result in significant spillovers to other banks, with 38% of the network affected on average. That’s not all; what’s even more concerning is that in the same report, the FRBNY has estimated that even if cyberattacks could cause financial distress in six small banks (each below USD 10 billion in assets), they could threaten the solvency of the top five banking institutions, thereby causing ripple effects throughout the economic fabric of the country!

This only goes on to show how cybersecurity is all the more crucial for midsized and smaller banks in the USA, especially during a pandemic when the threat of an imminent recession is looming on our heads. While most community banks may have otherwise been well-equipped to deal with cyber threats in a normal scenario, the coronavirus outbreak has most certainly disrupted the existing cybersecurity measures, making it mandatory for community banks to act fast!

MR. SHOMIRON DASGUPTA, FOUNDER & CEO, DNIF NEXTGEN SIEM PLATFORM Shomiron founded DNIF in 2016 with a vision to create a company that delivers high-quality attack detection products and services to its customers. Combining his skill set as an intrusion analyst with a passion for tech advancements, He has been building threat detection systems for close to two decades. Today, DNIF has established partners in 14 countries across industries such as healthcare, insurance, transportation, banking, and media.

Prior to founding DNIF, Shomiron worked with ICICI Infotech Ltd. as
a senior consultant, where his core responsibility was to solve critical challenges faced by customers.

Shomiron is also an eminent speaker at many industry events. The events
and venues that have hosted him include TedX, DSCI (the Data Security Council of India) and SACON (the Security Architecture Conference).

Outside the tech world, Shomiron is also a trained mountaineer, with
expedition experience in the high Himalayas.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.