An online banking platform called Digital Insight which Mint and QuickBooks use to access bank accounts suspended operations for a period of time in an effort to stop fraudulent activity. NCR, who operates Digital Insight saw that attackers appeared to automate attempts to accounts every 5 or so minutes vs brute force attacks to try and go undetected.
Turns out, hackers were using account information from other websites where they had usernames and passwords and were trying them against bank sites. They know that people tend to use the same password in many locations.
What about your bank account security? Even if your bank has MFA, if you have a financial application linked to it, the security between the application and the bank may be less restrictive giving criminals a greater chance to get in. I am not going to tell you to keep your money in a mason jar, but you desperately need to protect your financial accounts at the highest level possible.
What should you do? I will keep repeating this till everyone does it. Whatever you do, DO NOT use the same password for financial accounts that you use elsewhere. Each financial account should be unique and strong.
How do statistics affect your actions? I am reminded of a situation my father shared with me from his youth. There was a sea cave on the beach in southern CA where he grew up. As a kid he refused to go into them as he was scared there were not safe and would collapse on him. To try and comfort him, his parents told him that they had been there for thousands of years, but in his mind, that just made it more unstable thus strengthening his resolve to avoid them.
Do statistics encourage you to action or relax you because so many others are in the same boat?
Here is some information from the cybersecurity firm FireEye 2020 report.
Of the organizations interviewed:
1/2 admitted that their organization is not covered by cyber insurance.
90% of the businesses believe that the cybersecurity threat condition will not get better in 2020.
Over 72% of organizations consider the cost of cybersecurity protection reasonable or inexpensive for the value it provides with 76% of businesses increasing their spend.
Only 33% of companies feel they have a mature plan to deal with attacks and breaches.
Close to 50% do not have any cybersecurity training for employees and digging deeper only 25% have advanced/organized training.
51% answered not fully ready for a cyber attack or breach event
What three cybersecurity areas were cited as things should you can add to help your security? Vulnerability management, proactive threat hunting.
Stay safe –
Dan Adams
CEO
NENS