Regional banks play a critical role in the U.S. financial system, providing essential services to local communities. However, they face growing cybersecurity risks. Recent incidents show how sophisticated cybercriminals are targeting regional banks, aiming to exploit any vulnerability. These threats disrupt the financial fabric of the banks' local communities and carry broader economic implications.
Traditional and Novel Cyber Threats
Here is a review of widely known cyber intrusions, as well as emerging threats that confront regional banks today.
Ransomware continues to be a menace. Attackers encrypt a bank’s systems and demand exorbitant ransoms for decryption keys. The sophistication of these attacks is evolving, with cybercriminals employing more complex ransomware strains and double extortion tactics.
Real Case: In 2001, the AvosLocker ransomware group attacked a California community bank. It encrypted the bank's computer systems and stole sensitive customer information. The bank notified its customers of the breach and offered credit monitoring services, incurring financial, operational, and reputational costs due to the attack.1
Supply Chain Attacks
In a supply chain attack, cybercriminals target less secure elements in a bank's supply chain to eventually compromise the bank itself. By infiltrating third-party service providers, attackers can gain unauthorized access to the bank's systems.
Regional banks are repositories of sensitive customer data. Any breach could be a gold mine for cybercriminals. The stolen data can be sold on the dark web or used for identity theft, fraud, or spear phishing campaigns targeting individuals or other institutions.
Real Case: In an attack on a regional bank in Virginia, cybercriminals gained access to the bank's network and stole $2.4 million. The bank suffered two intrusions into its ATM and debit card network. In both cases, the intruders penetrated an internal workstation via a phishing effort and an infected Microsoft Word document.2
AI-Powered Cyber Attacks
The integration of artificial intelligence (AI) by malicious actors to automate and enhance their attack capabilities represents a significant threat. AI can be used to rapidly exploit vulnerabilities, bypass security measures, and conduct social engineering attacks at scale.
Distributed Denial of Service (“DDoS”) Attacks
DDoS attacks overwhelm bank websites with junk traffic, denying legitimate users access to online services. These attacks can serve as a smokescreen for other malicious activities, diverting attention from data exfiltration attempts.
Real Case: Cybercriminals used a botnet and attacked vulnerable servers to overwhelm a bank's website. The attack generated over 20 gigabits per second of traffic, leveraging protocols and IPsec tunnels to amplify the assault. The threat, however, was averted.3
Cryptojacking involves the unauthorized use of a bank's computing resources to mine cryptocurrencies. This can result in financial losses and can also degrade system performance and cause service disruptions.
Insiders with malicious intent can abuse their access privileges to siphon off funds or leak sensitive information to external cybercriminals. The damage from insider threats can be monumental, often going unnoticed until it is too late.
Zero-day exploits are attacks that take advantage of vulnerabilities unknown to the vendor. Regional banks may be ill-equipped to defend against unknown vulnerabilities, making zero-day exploits a notable threat.
Impacts and Implications of Cyber Attacks
The real-life case examples above briefly touch upon the negative effects banks can suffer at the hands of hackers and other cybercriminal archetypes. If not equipped to fend off attacks on their technology infrastructure, most banks will experience one or more of the following consequences:
The financial repercussions from cyber incidents can be substantial, with losses potentially extending beyond immediate recovery costs. According to recent research, financial firms lose nearly $6 million per data breach.
Novel cyber threats can lead to high-profile incidents, resulting in severe reputational damage and loss of customer confidence. Negative attention from mainstream and social media spreads quickly. The perception that a bank cannot securely protect a customer’s assets or information could be disastrous for its bottom line.
Disruptions to critical services from cyber threats can have wide-ranging impacts on both the bank and the communities it serves.
Legal and Regulatory Evolution
The legal and regulatory landscape is evolving to curb cyber threats. Regional banks now face stringent compliance requirements, with laws like the New York Department of Financial Services Cybersecurity Regulation setting a precedent. While becoming cyber compliant is an expense for regional banks, it is an exceedingly small price to pay compared with the financial and reputational cost of a successful cyber-attack.
A Necessary Investment
Ultimately, regional banks must commit to a standard of cybersecurity that sufficiently protects themselves and their customers from adverse cyber incidents. Here are some of the most basic measures to implement.
Robust Security Controls
Implementing multi-layered security measures such as advanced threat detection and response systems, alongside traditional measures like tokenization and end-to-end encryption, is crucial.
A joint study by Stanford University professor Jeff Hancock and the firm Tessian found employee mistakes cause 88% of data breaches. Training programs, especially those that educate employees on recognizing and mitigating emerging risks, should evolve to address novel threats.
Incident Response Plan
Developing a flexible incident response plan that can adapt to diverse types of cyber threats is essential for minimizing damage and ensuring rapid recovery.
Fostering a Culture of Cybersecurity
The emergence of novel cyber threats targeting U.S. regional banks accentuates the urgent need to enhance cybersecurity measures. By fostering a culture of continuous learning, adapting to the evolving regulatory landscape, and investing in advanced security technologies, regional banks can significantly mitigate the risks posed by both traditional and emerging cyber threats. These measures can safeguard the trust of the communities they serve and fortify the broader financial ecosystem against burgeoning cyber threats.