Though vastly different in scope and setting, each of these attacks on FinTech institutions could have been prevented by one thing: better security infrastructure.
Most cyber attacks succeed as a result of multiple problems on the victims’ behalf, and those problems are as layered as your approach to cybersecurity should be: multi-layered. Very much so. Effective cybersecurity is a machine with many arms, secure infrastructure being just one of them. Other arms, for example, might be employee training and corporate culture. Yet it is worth noting that in the case of each FinTech attack listed below, hackers relied on one broken arm in particular: internal infrastructure.
There’s secure infrastructure, and then there’s SessionGuardian. With SessionGuardian, you’ll have one arm to your machine taken care of for life.
Company: Equifax
Loss: Personal information from 143 million US accounts, 200,000 credit card numbers.
Cause of data breach: A vulnerability in the company’s website portal was left widely-known and unpatched due to failures in Equifax’s internal processes. Equifax also failed to renew an encryption certificate on one of their security tools. This allowed hackers to undetectably extract data in encrypted form for months.
Lesson: Secure infrastructure must remain up-to-date.
Company: Heartland payment systems, 2008.
Loss: As many as 100 million debit and credit cards.
Cause of data breach: A physical office robbery saw the theft of several password protected computers whose systems were unencrypted.
Lesson: Encryption always.
Company: JP Morgan Chase, 2014
Loss: Personal information of 76 million households and 7 million small businesses.
Cause of data breach: Hackers based in Eastern Europe compromised an employee’s personal computer via phishing, consequently breaching the bank’s network.
Lesson: Be confident in the anti-malware and protective structures on every single personal computer used by an employee. Train employees to detect and avoid phishing attacks.
Company: Korea Credit Bureau, 2014.
Loss: 20 million social security and credit card numbers exposed- nearly half of South Korea’s population.
Cause of data breach: An IT worker copied the data onto a USB stick in order to sell it.
Company: Educational credit management Corp, 2010.
Loss: 3.3 million clients’ personal information exposed, including social security numbers.
Cause of data breach: Hackers using ransomware known as SamSam, then holding client information for ransom.
Lesson: Up-to-date, tried and true, effective anti-ransomware infrastructure.