Skip Navigation
BlackBerry ThreatVector Blog

Hackers Are Making Bank on Financial Services – That Needs to Stop

NEWS / 07.16.19 / Kathy Au Yeung

Healthcare data might be worth more on the black market, but financial services are the targets where criminals really make bank.

At the end of last month, security researcher Brian Krebs revealed that the website for First American Financial Corp may have leaked hundreds of millions of real estate records and mortgage documents, including files going all the way back to 2003. The cause was later identified by the bank as a design flaw in one of its production applications. Unsurprisingly, there’s a lawsuit in the works which claims that the bank “failed to implement even rudimentary security measures.” First American is also under investigation by The New York State Department of Financial Services as a result of the incident.

This is a sobering lesson for financial institutions—when it comes to protecting client data, they must spare no expense. The data they protect is extremely valuable to criminals, but not as valuable as a firm’s reputation, which can be irreparably damaged by a breach.

And yet stories like this one keep making the news. Criminals continue to besiege the finance sector in force, correlating with the fact that finance firms continue to suffer exponentially more cyberattacks compared to businesses in other industries.

It’s not as though financial services organizations are lax with their cybersecurity, of course. Most do put a great deal of time and effort into the protection of client data. The problem is that, particularly with the growing prominence of the Internet of Things, the infrastructure they must manage is more complex and expansive than ever before. 

Keeping data safe as it moves across such infrastructure can seem like a Sisyphean task. It’s staggeringly easy to miss something – a software vulnerability here, an improperly-configured firewall there. And when factoring in that many sectors of the financial industry move at a breakneck pace, it’s easy to see how and why incidents like the First American breach can happen.

Investment banking is a prime example. It’s an industry where success requires immediate, seamless connectivity. Even a minor delay can damage a firm’s reputation, and a minor service interruption can destroy a firm’s relationship with an important client. Yet a data breach can do that just as effectively, perhaps more so.

Citi Orient Securities, a global investment bank headquartered in Shanghai, understands this well. Employing approximately 400 people, it provides a range of critical services for clients based all over the world. Due both to the nature of its operations and the large sums of money it traditionally manages, its systems must be ironclad.

“As investment banks, we pay a great deal of attention to data security,” says Zhang Weimin, CTO of Citi Orient Securities. “Our security measures are incredibly comprehensive, and all solutions are chosen from among leaders of Gartner’s Magic Quadrant report. Through a recent evaluation, we identified the need for a platform capable of providing stringent security for mobile endpoints.”

Citi Orient has a large volume of remote staff, particularly in its IPO office. These employees need immediate access to corporate resources in order to effectively serve the firm’s clientele. It set out to find a means of providing access that would also allow it to continue prioritizing data security.

“The demand for mobile enablement was high,” Zhang continues. “The team needed a package of safe, reliable and productive solutions that enabled them to truly realize the advantages of mobility. We also sought solutions that would be easy to learn, minimizing the cost of implementation and deployment.”

Citi Orient worked with BlackBerry partner Awingu, deploying BlackBerry® Unified Endpoint Management (UEM), BlackBerry® Work and the BlackBerry® Access secure browser, the latter of which is integrated with Awingu’s own online workstation platform. BlackBerry UEM allows the bank to maintain a single view of its entire mobile infrastructure, applying policy control evenly across devices and apps. BlackBerry Work and BlackBerry Access, meanwhile, allow staff to fulfill client needs through enterprise Personal Information Management (PIM) and secure access to corporate intranet.

“BlackBerry and its partners have met our high expectations at every turn,” says Zhang. “With the Cylance acquisition, it has a perfect layout in terms of endpoint security and artificial intelligence. We’re excited to see what it brings and to explore more solutions with BlackBerry in this respect.”

The First American breach was by no means the first of its kind, nor will it be the last. The financial services sector will continue to be a prime target for cybercriminals, and firms will continue being forced to contend with attempted hacks, account takeovers and identity theft. In the wake of this evolving threat landscape, BlackBerry will continue doing its part to keep our own financial services clients BlackBerry® Secure™.

Read the full Citi Orient case study, or learn more about BlackBerry UEM.

Kathy Au Yeung

About Kathy Au Yeung

Kathy Au Yeung serves as Director, Channel Marketing, BlackBerry.