As reported in the Wall Street Journal on December 21, banks are spending enormous sums on cybersecurity (Wells Fargo’s CEO John Stumpf says ‘It is the only expense where I ask if it’s enough’), and much of that is directed towards reducing risks from employees who unwittingly make it easier for hackers to breach a bank’s defenses. Employee error results in approximately 30% of data breaches, according to a survey released last month by the Association of Corporate Counsel. Banks in particular face substantial risk because they possess so much customer information, as well as huge sums of money.
Among the ways that cybercriminals gain access to protected data are out-of-office messages on work computers and phones, and vacation photos posted on social media (which signal unmonitored computers). A significant risk is posed by employees opening phishing emails, especially the increasingly sophisticated “spear phishing” emails that appear to be requests from high-ranking bank officials. Many banks send employees simulated phishing attacks. Opening one of these fake phishing emails may, for example, start a video that educates the employee on how they should have handled the situation.
These efforts are another indication that fighting cyber crime involves virtually all parts of an organization, not just the IT department.