Too small to care? No bank is too small for cyber-attacks

(Before It's News)

This blog has continually covered how recent high profile data breaches at Target and other major internet sites have highlighted security risks in the internet era. Adding to the list of cyber-attacks, the New York Times and Bloomberg reported recently that JPMorgan and other banks had gigabytes of data accessed by hackers.

The ongoing breaches are a significant concern for customers, and as more occur they will likely have an impact on the financial services industry. However, it is a mistake to view these attacks as isolated to mega-banks and retailers. Banks like JPMorgan are enticing national targets for organizations with government links. For example, Bloomberg reported that the FBI is investigating whether the JPMorgan hackers have ties to the Russian government.

However, not all cyber-attacks come from state-sponsored organizations. There are large numbers of small hacker groups in Eastern Europe and East Asia. Eastern European groups in particular focus on profits and are looking for data that can lead to a quick return.

For example, a May 2014 New York Department of Financial Services Report found that 16% of small institutions (banks with assets under $1 billion) were the victims of phishing attacks (where hackers send emails requesting information) as compared to 22% of medium institutions and 33% of large institutions. Similarly, 13% of small institutions were the victims of malware (malicious software) attacks as compared to 21% of medium institutions and 35% of large institutions.

Recent cases support the conclusion that community banks are not immune to cyber-attacks. For example, in May 2012 Tennessee based TriSummit Bank, a $250 million bank, was the victim of a sophisticated cyber-attack that siphoned $327,804 from Tennessee Electric Company, Inc. TriSummit was only able to claw back $135,000, leaving Tennessee Electric with a $192,656 loss. Tennessee Electric then sued TriSummit. Tennessee Electric claimed that TriSummit’s security was commercially unreasonable, among other claims.

Cases like TriSummit and recent data breach stories highlight the importance of paying attention to security risks at your bank. As this blog has previously explained, Iowa law requires that banks and corporate customers share responsibility for the security of corporate funds.

Banks and their boards of directors should not be complacent and assume that they are too small for hackers to bother with. The internet connects people from thousands of miles apart, and it doesn’t matter to hackers whether $500,000 comes from a $50 billion bank or a $50 million bank.

• Lay v. legal versions of originalism
• New Jersey Appeals Court Awards Fees and Costs Despite Illegitimate Payment Made by Automobile Wholesaler
• Pick a name, any name: Bank not liable for fraudulent use of d/b/a name
• New Orleans’s New Civil Rights Leaders; Police Should have Liability Insurance
• Administering of Martial Law: The Subversion of the Balance of Power
• Retired Cop Still Thinks He Can Kill With Impunity and Murders Moviegoer For Texting In Theater
• Ferguson, Missouri Police Murder of Michael Brown Follows Fullerton, California Police Murder of Kelly Thomas
• Thanks, Supreme Court: Voting Rights Act Gutted, Jim Crow Voting Laws Abound; Women’s Equality Trampled
• An agreement is an agreement: JPMorgan Chase tries to rescind permanent loan modification agreement
• 1.2 Billion Reasons to Worry: Hold Security reports Russian crime ring compromised 1.2 billion username and passwords