Sectigo (formerly Comodo CA) today issued a report, Secure Impressions: Online Banking Study, revealing how well the world’s largest banks in North America and Europe ensure and demonstrate the security of customer information on their online banking websites. The study found that a notable percentage of banks left customers more exposed to phishing scams. It rated websites on the SSL/TLS certificates they present: credentials issued by a Certificate Authority (CA) after the CA has verified that the applicant controls the domain and, at higher validation levels, its legal identity. The study reserved its highest rating for sites using an Extended Validation (EV) certificate, which ties the site to its operator's verified legal identity. In North America, 40% of the banks studied did not receive that highest rating; in Europe, 25% did not.
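The check behind the study's rating is whether a bank's certificate is DV, OV or EV. The following is an added example (not code from Sectigo's study or from this article) that classifies a certificate using only the Python standard library. It assumes the subject attribute names are the long names Python's ssl module emits from getpeercert(), and it relies on the CA/Browser Forum EV Guidelines requiring an EV subject to carry businessCategory, jurisdictionCountryName and serialNumber alongside organizationName; the sample subjects below are constructed, not real bank certificates.

```python
"""Classify the validation level of a TLS server certificate as DV, OV or EV.

Added example for this article; it is not code from Sectigo's study or the
original page. It uses only the Python standard library. Assumptions,
labelled here and in the lead-in: the subject attribute names are the long
names Python's ssl module (via OpenSSL) emits in SSLSocket.getpeercert();
and, per the CA/Browser Forum EV Guidelines, an EV subject carries
businessCategory, jurisdictionCountryName and serialNumber alongside
organizationName, while OV carries organizationName without those three and
DV carries no organizationName at all.
"""
import socket
import ssl

# Subject attributes that only an EV certificate is required to carry
# (CA/B Forum EV Guidelines). An OV certificate has organizationName but
# not these; a DV certificate has neither.
EV_SUBJECT_FIELDS = frozenset(
    {"businessCategory", "jurisdictionCountryName", "serialNumber"}
)


def flatten_subject(cert):
    """Turn getpeercert()'s subject, a tuple of RDNs each holding
    (attribute, value) pairs, into a flat dict of attribute -> value."""
    subject = {}
    for rdn in cert.get("subject", ()):
        for attr_type, value in rdn:
            subject[attr_type] = value
    return subject


def validation_level(cert):
    """Return 'EV', 'OV', 'DV' or 'UNVERIFIED' for a certificate dict in the
    shape ssl.SSLSocket.getpeercert() returns. getpeercert() returns an
    empty dict when the peer certificate was not validated (for example
    under CERT_NONE) and None when no certificate was presented, hence
    'UNVERIFIED' for both."""
    if not cert:
        return "UNVERIFIED"
    subject = flatten_subject(cert)
    if "organizationName" not in subject:
        return "DV"
    if EV_SUBJECT_FIELDS.issubset(subject):
        return "EV"
    return "OV"


def fetch_cert(host, port=443, timeout=10):
    """Fetch and validate the live certificate for host (needs network;
    not used by the offline samples below)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample subjects (not real bank certificates), in the shape
# getpeercert()["subject"] uses.
SAMPLE_DV = {"subject": ((("commonName", "www.example-bank.test"),),)}
SAMPLE_OV = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Example Bank, N.A."),),
        (("commonName", "www.example-bank.test"),),
    )
}
SAMPLE_EV = {
    "subject": (
        (("jurisdictionCountryName", "US"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "1234567"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank, N.A."),),
        (("commonName", "www.example-bank.test"),),
    )
}


def main():
    for name, cert in (("DV", SAMPLE_DV), ("OV", SAMPLE_OV), ("EV", SAMPLE_EV)):
        print(f"sample {name}: classified as {validation_level(cert)}")


if __name__ == "__main__":
    main()
```

To check a live site, pass the result of fetch_cert("www.example.com") to validation_level. The authoritative EV marker is the certificatePolicies extension carrying OID 2.23.140.1.1, which getpeercert() does not expose; the subject heuristic above tracks it because the EV Guidelines mandate those fields. Two caveats a practitioner should keep in mind: an EV certificate proves the site belongs to a verified legal entity, but a phisher's look-alike domain can still carry a perfectly valid DV certificate, and mainstream browsers removed the distinct EV indicator from the address bar in late 2019, so the EV badge no longer gives users a visual cue to rely on.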
Expert Comments:
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG:
“Protecting against phishing is definitely an important function in the overall cybersecurity program of almost all organizations around the world. Enabling best-practice security measures can certainly help reduce the impact of phishing that IT security teams face.
As commonly known, other threat vectors and vulnerabilities can still be exploited, therefore additional security measures should continue to be considered.
As stated in this report, 76% of data breaches are financially motivated, which translates into “Hackers want your data.” Since it is your data that they ultimately want, another effective method for improving cybersecurity posture is the data-centric protection model. Data-centric protection means to activate security on the data itself – de-identify personal information by anonymizing the data elements, and remove credit card numbers and social security numbers by replacing them with fake numbers.
Even with improved cybersecurity defenses, hackers have proved that they can still find a way to get through in order to steal data. So why not give them something they can’t use.
A combined approach to cybersecurity may be the best approach for many organizations.”
John Handelaar, VP EMEA at Gurucul:
“Banks need to carry out security training for all their employees on a regular basis. Their staff need to be cyber-aware in order to understand the potential effects and dangers of clicking on links or opening attachments, even if they think that they know the sender.
However, once the phishing attack has been successfully orchestrated, behaviour-based security analytics using machine learning algorithms is the only viable method of identifying abnormal and suspicious actions. Using behaviour analytics allows the banks to quickly identify and remediate threats while searching for the compromised account(s).”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.