Banks vulnerable to new cybercrime risks, security expert says

A. Lee Graham

Safeguarding financial records and cold hard cash has become increasingly difficult as computer hackers go online to prowl bank accounts. But it’s not banking customers who are under the gun, at least not directly; it’s their banks, as well as small businesses. Because banks are heavily fortified with layered security measures, criminals are seeking indirect access: through everyday consumers or small business customers.

“It’s getting more sophisticated,” said Jeff Multz, vice president of Dell SecureWorks in Atlanta, which assists companies in beefing up online security. Discussing cybercrime before his Sept. 30 appearance at the Independent Bankers Association of Texas’ 40th annual convention in downtown Fort Worth, Multz minced no words: banks and small businesses should adopt new approaches to secure their customers’ and internal corporate information. “It can’t be just an afterthought,” Multz said of establishing security measures. “It’s just as important as what’s in your safe. Without them, people will steal you blind.”

Cybercrime has struck more often – and with increasing sophistication – in recent years. In June, the U.S. Justice Department announced a multi-national effort to thwart the GameOver Zeus botnet. Simply put, a botnet comprises several online programs communicating with similar programs to execute tasks. In this case, the botnet represented infected computers worldwide used by what the Justice Department called cybercriminals attempting to steal millions of dollars from businesses and consumers. “These schemes were highly sophisticated and immensely lucrative, and the cybercriminals did not make them easy to reach or disrupt,” said Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, commenting in a news release. Technology makes theft easy for cyber-savvy criminals. They hack into bank accounts and target comptrollers, bookkeepers or other individuals within organizations. The aim is to infect their computers with a banking Trojan to intercept online banking sessions. The next step is grabbing customers’ credentials and wiring money out of their accounts before the customer knows what has happened. “You find that the smaller the business, the more you’ll be targeted because they’re attached to another network,” Multz said. The approach allows access to more potential victims.

- FWBP Digital Partners -

In Texas, mounting criminal activity prompted the state banking commissioner to create the Texas Bankers Electronic Crimes Task Force. Formed in 2010 in cooperation with the U.S. Secret Service, the agency develops practices to mitigate risks of corporate account takeovers and other electronic crime. Although Home Depot and Target garnered headlines when their customer credit card accounts were breached, banks deserve as much attention, Multz said. He recommends that banks establish a layered security approach, using several tools instead of just one, in protecting data. The strategy includes establishing firewalls around an organization’s network and Web applications, encrypting email, and using intrusion prevention systems that inspect inbound and outbound traffic. Consumers and small businesses that can’t afford often pricy layered defenses should follow several tips to enhance security, according to Dell SecureWorks tips.

Those include using a computer solely reserved for online banking, avoiding clicking on links or attachments within emails from questionable sources, and reconciling bank and credit card statements regularly to identify potential fraudulent transactions that may indicate account takeover. “Hackers have gotten really smart in the past several years,” said Elizabeth Clarke, a Dell SecureWorks spokeswoman. “These hackers are not breaking into a bank’s network; they’re actually going to your laptop, your desktop and your account. It’s a different world out there.” More online banking tips are available from the Better Business Bureau at