When McAfee, the world’s largest dedicated security company, exposed a credible threat against the banking industry last month, it raised red flags not just for large financial institutions but for every banking institution in the nation.
“Project Blitzkrieg” was revealed in a report as a mass fraud campaign that would attack 30 U.S. banks by the spring of 2013. The threat came just a year after six of the nation’s largest banks, including Bank of America, Citigroup, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo experienced disruptions on their websites after a separate cyber attack.
Shortly after McAfee validated the threat, the Office of the Comptroller of the Currency under the U.S. Department of the Treasury addressed the banking community. The office reiterated that banks should have risk management programs in place, as well as “layered security” to respond to threats. What the office is continuing to try to prevent is distributed denial of service (DDoS) attacks that would attempt to enable fraud or steal proprietary information from banking institutions in the U.S.
Banks of all sizes have been more actively testing their contingency plans to ensure their technology platforms are secure. In 2012, IT-Lifeline, a provider of comprehensive disaster recovery and compliance testing solutions for the financial services industry, reported a 67 percent increase in disaster recovery testing among small banks. The company uses BLACKCLOUD’s private cloud architecture to help reduce the complexity of backup and disaster recovery tests, minimize staff disruption and time, ensure proper test documentation and provide a systematic approach to enterprise recovery.
John Tolomer, president and CEO of The Westchester Bank, said since 9/11 there’s been a heightened concern for the safety and sanctity of financial institutions. After that attack, the New York Stock Exchange reportedly lost more than $1 trillion because of the shutdown. Since then, the banking industry has become more vigilant.
Over the past decade the federal government pushed harder to make sure banks were as prepared as possible. “It’s intensified,” Tolomer said. “The banking industry has built backup systems in the event of an emergency based on what happened post-9/11 because there were some very significant interruptions in bank service.”
Hurricane Sandy also drew concern within the banking industry regarding preparedness. “During Hurricane Sandy we had people working from home and we were able to wire transfer and make deposits from remote capture, and so we were able to continue,” he said. After passing that test, Tolomer maintains his bank has not relaxed its efforts because there’s no way of knowing what might be on the horizon. The Westchester Bank continues to update their systems and outsource help to ensure the privacy of customer information (is safe) as well as keep the bank operational. “We don’t spare any expense to make sure our customers’ information and our ability to operate during a crisis, we make sure we have the best systems in place,” he said.
Many small banks were lost in the recession of 2008 or consumed by larger banks, but the importance of maintaining them is apparent. The American Customer Satisfaction Index gave small banks a score of 79 compared to larger banks’ score of 77, again proving people’s commitment to small financial institutions.
Investing in security is something Tolomer said he and the rest of the banking community will remain committed to because of the issues that keep coming up. “It’s been an ongoing issue for some time and it always will be,” he said.