I wrote in a recent blog that banks were once institutions that dominated the high street, their physical presence symbolising trust and security.
While the majority of banking is now done online, the one constant that remains from the first banking activities of the ancient world is the human element in every transaction.
The paradox that underpins modern banking is that it’s not about having the best software or the most up-to-date systems and services; rather it is about maintaining the confidence of your customers by ensuring the security of their personal data. This can only be achieved by investing in the most important element in any security strategy: the employee.
This issue has come sharply into focus with the recent report of an unprecedented security breach in the banking world.
A multi-national gang of cyber-criminals, named Carbanak by Russian security company Kaspersky, stole $1 billion from over 100 financial institutions in 30 countries. While a range of tactics were employed, the most successful was spear-phishing.
Spear-phishing tricked the employees into opening emails that allowed the criminals to infect their computers with malware. The gang was then able to observe the behaviour of the bank clerks, later mimic it and transfer large amounts of money out of many accounts.
This may sound like a complicated procedure, one which you might expect to rely on complex and highly sophisticated software. The reality, however, is that spear-phishing is incredibly simple. Criminal cybergangs target the weakness of all security procedures: the human factor.
The statistics surrounding spear-phishing don’t lie. Cyber criminals send 156 million phishing emails EVERY DAY. Even though only 10% make it through spam filters, that is still 16 million emails. 8 million of these are then opened and 800,000 click the phishing link. 1 in 10 people who have clicked the link then share personal data.
This results in daily incidents of stolen identities, financial loss, credit card fraud and other Internet scams. Every Day.
Sanjay Virmani, director of the INTERPOL Digital Crime Centre, commented to press: "These attacks again underline the fact that criminals will exploit any vulnerability in any system. It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures."
Incredibly, companies are still failing to see the long-term benefits of investing now in educating their staff on security awareness.
In 2013 one study found that 70% of employees in American companies were uninspired at work or, more worryingly, “actively disengaged.” This cost these companies $450m.
Data is the lifeblood of any organisation and companies must take the necessary measures that emphasise the centrality of data security in the culture of the organisation.
Investing in employees not only creates a dynamic and enthusiastic workforce but also cultivates loyalty, a fact which will ensure that employees are not “actively disengaged” but place procedures that protect the company and its customers at the forefront of their daily activities.
As Barack Obama commented at the recent Cybersecurity Summit in Stanford University, cybersecurity is a shared mission. It’s up to the decision makers at companies to be visionaries and invest now in the education of their employees to ensure a safer future for their company and their customers.