Why Cyber Threats Increase During a Banking Crisis

By Rahul Mahna

With the rapid decline of Silicon Valley Bank (SVB) and Signature Bank, the financial markets have been rocked once again. Both the bond market and stock markets are trying to find stable ground, along with all the businesses that rely upon these banking institutions for their day-to-day operations. No one can predict what will happen next in the banking industry, but from a technology aspect we have a high level of confidence that there will be heightened attack vectors starting.

Cyber attackers are not the clandestine bad actors that many of us perceive them to be. Many operate under the standard ethos that traditional business workers do. They go to the office every day in proper office buildings and work the day to maximize the financial returns of their firm similar to the way many of us operate.

When optimizing for a return, cyber attackers often look for anomalies because within chaos emerges opportunity for them. The recent banking crisis is a prime example of such an anomaly. The landscape could not be set better: Thousands of businesses are rapidly changing banks, bank account numbers, credit card numbers, wire instructions and other sensitive financial-related matters. It has now become a target-rich environment for bad actors to insert themselves into a financial transition process and extract funds from a business.

There are certain things businesses can do to protect themselves in this time of transition that are short- and long-term ideas.  Because hackers predominately use technology as their means of “entering the castle,” it is highly recommended a cyber assessment  be performed to determine whether there are adequate security measures in place to protect the business. This includes evaluating not only external risks created by vendors and systems being used, but also be internal risks of tools employees use daily.

One simple example of a high-risk internal function is the email system. Hackers often use email as a way to penetrate into an organization and then wait for periods of time to learn how employees interact. Waiting for the right time (such as during a banking transition), the hackers then insert themselves and give unsuspecting business contacts false banking information. 

Although this is not always easily stoppable, there have become new software tools made available using artificial intelligence (AI) that watch for unique identifiers that stop some of these “insertions.” Examples of AI detection include observing new domain names that have been recently registered that enter into an email conversation that look similar to business emails, or for styles of employee email content that changes suddenly.

The ultimate goal of any hacker is to extract money out of a business. In this regard, and for a long-range goal, businesses are urged to conduct a cash disbursement audit to determine whether the processes being used to issue corporate funds have controls commensurate with the risk. A series of well-thought-out controls can have multiple layers of assurance that can safeguard a business so that even if a hacker does enter into a conversation they would be thwarted by such controls or at least damage was minimal.

Many of these ideas take time and energy and further, many of these issues are current and need to be handled immediately. In the short run, it is urged that organizations go back to basics and do things the old fashion way – use the telephone. If a client/vendor/employee is asking for changes to banking information, call them and get verbal assurance that the request is valid and authentic. It’s better to go slowly and be careful than be the victim during an already stressful financial time.