Banking on Security – How the Financial Industry Needs to Fight Back Against Mobile Finance Malware


A billion dollars – that’s enough for a round trip to the moon (no moon walking though). Or perhaps you could purchase the Solomon Islands and retire. That’s also the amount of money that the cybergang Carbanak has been able to steal from over 100 banks in 30 countries during the last two years. They utilized a spear phishing tactic and targeted employees with a spoofed email with a download link, in order to obtain unauthorized access to private information.

That’s an astonishing number, though it’s still such a shock when it comes to your own finances. Imagine you’re at dinner with friends one night and you attempt to pay the bill when both your credit and debit cards are declined. You’re left calling your bank to find out the cards have been compromised. You don’t know where or by whom. It’s an incredibly raw feeling of vulnerability and exposure. Typically, it’s the organization that was attacked, not you personally. That same feeling translates to organizations that are affected by theft of money or data.

Last year it was reported that GOZeus (GameOver Zeus) and CryptoLocker were two of the most malicious pieces of malware being used in cyber crimes against the financial industry. Banks were attacked and had hundreds of millions of dollars stolen from them. Malware threats are becoming increasingly sophisticated and more frequent. Security vendor Kaspersky Lab reported that the number of malware identified increased from 45,000 to 148,000 in 2013 alone.

As those numbers increase, so does the number of mobile consumers who start to rely on mobile banking and payments, rather than banking from their personal computer. Today, as the demand to be mobile has exploded, the risk of private data leaking has also grown. Late last year, an estimated 31 percent of those surveyed stated they may have used mobile banking. Forty-three percent predicted that they will be using their smartphone for daily banking transactions in the near future.

According to a 2014 report from Verizon, Citadel is the banking malware of choice for cybercriminals focused on theft of personal data, while Zeus is the preference for stealing money from bank accounts.

Some research actually points to the fact that mobile application developers leave security as an afterthought. Unfortunately, there is rarely a break to be had, when it comes to gaining the upper hand on security.

Approximately 50 percent of companies that develop and implement mobile applications for customers simply do not allocate enough, or any, of their budget towards mobile security. From an organizational standpoint, this leaves employees at every level more vulnerable to attack. Mobile apps that are not properly secured run the risk of becoming the hole in the fence into a company’s database and any and all resources behind the firewall.

In breaches, companies stand to lose more than data; they lose trust – trust that clients and partners had in them. Ipsos Reid pointed out in 2013 that 29 percent of large business owners agreed that a data breach could potentially lead to a significant detriment to the credibility of the business. That being said, a loss of data to hackers may lead to a loss of brand reputation, lost deals or partnerships, and a drop in stock prices or revenue, as well as higher turnover rates and customer churn. When surveyed, 40 percent of respondents stated that they would not use their debit cards at breached retailers. Crunching the numbers, organizations could look forward to costs of approximately $200 per record stolen, $8 to $12 per month for credit monitoring and identity theft repair for each individual affected, and regulatory fines and penalties.

One key piece to look at is the use of more secure applications to steer clear of malware. An organization could take the following steps to increase its defenses:

  • Determine and enforce a list of work-approved applications.
  • Define which corporate networks those approved applications have permission to use.
  • Utilize a sandbox approach in order to confine app memory and file use to a defined sandbox area.

BlackBerry’s multi-OS EMM solution, BES12, is right on the money. Whether an employee’s device is supported by COPE, BYOD or COBO models, a single, unified BES12 console allows your organization to oversee, supervise and securely deploy mobile apps across all devices. It doesn’t matter if you are running with an iOS, Android, Windows Phone or BlackBerry device; public applications can be made available from a private corporate storefront. BES12 provides a smart way to manage mobile devices within an organization in order to ensure your people can connect securely and fluidly. Employees are protected with permissions and policies that can be tailored for both groups and individuals.

The ever-present risk of data, money and identity theft is becoming more complex. Shouldn’t you have a secured enterprise that can be versatile and flexible? You can bank on BlackBerry for that – and if you want more information on what’s involved in protecting your business from modern mobile threats, check out our Definitive Guide To Enterprise Mobile Security.

About Mohammed Ahmed

Mohammed Ahmed is a Product Marketing Manager at BlackBerry who manages global marketing efforts for BlackBerry's Enterprise Mobility Management (EMM) portfolio. He focuses on defining product value proposition, its messaging and Go-To-Market Strategy. Outside of work, he loves Canadian wilderness and Astronomy.
