Banks Rethink Cybersecurity Amid Credential-Based Compromises

Highlights
Cybercriminals are using stolen or falsified credentials to access systems, especially in financial institutions, shifting from brute-force attacks to stealthy, trust-based intrusions.
The intricate networks and numerous endpoints in financial services make them especially vulnerable to these attacks, which can originate from even the most trusted sources.
Organizations must move beyond reactive measures and can investigate adopting defense-in-depth strategies, zero-trust principles and enhanced collaboration, like consortiums and audits, to stay ahead of threats.

The image of a hacker furiously typing strings of code to brute-force their way into a corporate server is becoming outdated.
Today, the most dangerous cyber intrusions can come not from forced entries but from front doors to organizational perimeters being quietly opened with valid credentials. Financial institutions, long the crown jewels of cyber targets, are falling prey not to systems being broken but to trust being exploited.

It's an emerging era of credential-based compromise, a new paradigm in cybersecurity where hackers don't break in, they log in. Cybercrime has evolved from smash-and-grab operations to long cons that rely on psychological manipulation and credential misuse.

The problem is compounded by the operational and administrative complexity of financial services. Financial institutions can operate sprawling networks with millions of users and endpoints. To the fraudster's hammer, all these endpoints and users can look like a nail.

The PYMNTS Intelligence report "Consumers Struggle with Passwords and Fraud Prevention: Metal Payment Cards Offer a Smarter Alternative," a collaboration with Arculus by CompoSecure, found that 41% of fraud cases are driven by stolen or falsified credentials.

Defending against this new wave of threats can require more than better tools. It may depend on better habits, smarter systems and a commitment to security as a shared responsibility.

Read also: Aligning Payments and Data Operations With Compliance and Cyber Risks

The traditional reactive approach to cyber incidents may no longer be sufficient for today's sophisticated, always-on threat environment. Banks are no longer asking if they will be breached, but when and how prepared they will be.

A data breach and its downstream compromises can come from anywhere.

Vulnerabilities can even come from trusted third parties, as the news earlier this month from the Office of the Comptroller of the Currency showed. Hackers were able to intercept over 150,000 emails sent to the agency. Cybersecurity experts are reviewing the security of the OCC's BankNet and Large File Transfer systems, which are what many banks use to share supervisory information with the regulator.

Following the OCC breach, JP Morgan Chase and Bank of New York Mellon scaled back their electronic information sharing with the OCC due to concerns about potential security risks to their own computer networks.

Ultimately, the days of siloed cybersecurity departments are over. Hackers can log in with stolen credentials, so every employee, vendor and system is a potential vector.

In interviews for the "What's Next in Payments" series, executives stressed to PYMNTS that a multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.

Additionally, key security frameworks like FedRAMP and ISO 27001 can provide a blueprint for organizations to protect their data and ensure they can respond effectively to security incidents.

See also: US Agencies Warn of Fast Flux Attacks Derailing Enterprise Networks

Within financial services and payments specifically, contextual awareness and data correlation can be crucial tools in the fight against fraud and cyber abuse.

Featurespace founder David Excell and Gasan Awad, senior vice president of enterprise fraud product management at PNC, told PYMNTS in March that successful defenses depend on pattern recognition, expanding the channels through which banks communicate with one another to keep abreast of emerging attack vectors.

Last spring, Intellicheck CEO Bryan Lewis advocated for the development of consortiums and data sharing to bolster identity verification. By pooling resources and sharing verified data, consortiums can establish a robust framework for identity validation, improving trust and confidence in financial transactions.

At the same time, B2B cyber audits can help organizations assess their security posture, identify vulnerabilities and build trust with partners and clients. For C-suite leaders, these audits are not just about compliance but about safeguarding their enterprise's long-term stability, resilience and trust.

Some of the most forward-thinking firms have their eye toward the horizon and are already beginning the migration to encryption schemes resistant to quantum decryption, following guidelines from the National Institute of Standards and Technology (NIST).