Eight of the largest U.S. banks recently announced they were forming a team to stand up to a growing wave of new threats from cybercriminals. This new group will enable members to share threat information and conduct war games designed to help them respond to real attacks.
The threats are all too real. Cyberattacks happen daily and they’re costing companies billions of dollars in losses every year. Another corrosive effect of these attacks is the erosion of customer confidence. In a new Blumberg Capital survey, more than seven in ten respondents (72%) said they were concerned about online banking security and are not confident their money is secure and their information is private.
We applaud the banking industry for getting more serious about protecting themselves and customers, but make no mistake – the challenges are growing more complex day by day. New platforms and technologies, from smartphones to cloud computing, have enabled banks to offer more convenient services than ever before. Each advance represents an opportunity for cybercriminals to exploit a new attack vector.
Traditional security – the domain of enterprise firewalls and signature-based anti-virus software – still has its place in large banks. But the old way is no longer nearly enough to protect against new threats, such as malware delivered via compromised mobile apps, or man-in-the-middle attacks, in which an attacker secretly intercepts and possibly alters communications between two parties who believe they are directly communicating with each other.
More than ever, banks must tap into a new breed of security startups built specifically to defend against the latest threats. For example, Fortscale helps financial institutions identify and eliminate malicious insider threats from hackers or rogue employees with legitimate credentials, but bad intentions. Or there’s IntSights that continuously and automatically scans the open, dark and deep web to deliver powerful early warnings of hacking and fraud attacks as well as rapid mitigation and one click remediation. Then there’s Deep Instinct, which uses deep learning, a segment of artificial intelligence, to quickly sniff out malware or a virus even if it has never seen that particular threat before. In contrast, legacy security software looks for “signatures” of known viruses and other threats, but that has left banks vulnerable to zero day attacks.
Beyond protecting themselves from attacks, banks and traditional financial institutions should also look to innovative startups to improve adoption and quality of online interactions while ensuring proper identification and authentication. For example, many would-be customers want to open accounts online rather than going to the bank (57% of survey respondents believe the days of going into a bank are coming to an end), but banks still rely on slow, manual account authentication. Companies like Trulioo solve this by automating and speeding up the identity verification process – protecting both the bank and the customer. Or there’s Namogoo, which protects financial institutions from client-side injected malware attacks. These attacks, which originate from the customer’s phones, tablets or computers, bypass anti-virus solutions and can reduce customer log-ins, annoy customers with unwanted pop-ups, expose consumer data to exploitation, enable phishing attacks. Another company going beyond traditional authentication systems is BioCatch, which uses behavior biometrics to proactively collect and analyze more than 500 cognitive parameters to generate a unique user profile that fraudsters cannot steal or replicate.
“Banks and other financial services institutions are undergoing a massive wave of transformation in the delivery of services, focusing heavily on digital banking applications aimed at consumers and businesses,” said BioCatch CEO, Eyal Goldwerger. “However, in order to gain rapid user adoption, they need to provide both an enhanced user experience and enhanced security. We believe that behavioral biometrics will play a critical role in meeting this challenge, providing frictionless authentication, seamlessly protecting users accessing a wider array of online and mobile banking solutions.”
It’s practically impossible for any bank to stay on top of the ever–changing threat matrix on their own. They need to reach out to and engage with next generation security startups. One way to stay in the mix is through programs like our invitation-only CIO Council, which connects members and portfolio company entrepreneurs to provide introductions, forge meaningful partnerships and engage in thoughtful conversations about business and technology trends.
We already count leading banks and credit card companies among our 80+ members. On the security front in particular, we give our members access – and serve as a filter – to innovative and powerful technologies specifically designed to thwart emerging threats. By engaging with our portfolio companies – early and often – financial services institutions will be better able to provide the services and security that customers demand.
Cybersecurity is more complex than ever before and finding the best technologies to protect your bank has never been more difficult. We’ve done our homework and put our money where our mouth is. So join us – our team and our portfolio companies will share valuable insights and cutting edge security technologies that will help your bank stay two steps ahead.
David J. Blumberg is the founder and managing partner of Blumberg Capital. Follow him on Twitter at @davidblumberg
The following companies mentioned in this article are part of our investment portfolio company roster: BioCatch, Fortscale, Deep Instinct, IntSights, Trulioo, and Namogoo.