Financial Institutions Need to Adopt New Strategies to Fight Phishing
Topic: Email Security
Phishing attacks are an increasing problem for national financial institutions. According to RSA's online fraud report titled "The Year in Phishing," national banks were the target of 86 percent of phishing-based cyberattacks in December 2011. The report further notes that the average profit for a cybercriminal is $4,500 per phishing attack.
As BankInfoSecurity notes, the frequency and success levels of phishing attacks aimed at banks mean these institutions need to adopt new strategies to combat phishing. Speaking to BankInfoSecurity, Markus Jakobsson, a cybersecurity expert, says that the biggest problem with the banking industry's response to phishing so far has been an under-appreciation of the human element. By focusing on the technical elements of phishing attacks, rather than the ways in which they trick people into volunteering their private data, banks' cybersecurity measures have failed to counter phishing's greatest strength.
To help financial institutions better combat phishing, BankInfoSecurity offered a number of strategies that banks may want to consider adopting. For example, they recommend banks take greater steps to make their cybersecurity warnings and practices more easily understandable for the average customer. Most people do not have deep knowledge of the inner workings of cybersecurity, and as such, measures that overwhelm an individual will end up unimplemented.
Furthermore, they recommend that banks take additional steps to educate their customers and employees about the risks of phishing attacks. By informing individuals of specific warning signs to be wary of, banks may be able to help people protect themselves and their businesses.
One more piece of advice offered by BankInfoSecurity is to maintain consistency. As Jakobsson indicates, some security companies will tell their customers to be wary of clicking on links, but then send links themselves. This creates confusion, which further erodes an individual's ability to avoid phishing attacks.