Cyber attacks against banks are at an all-time high. With the proliferation of mobile banking, third-party technology, cloud computing, and rising persistence and sophistication of threats, financial institutions have become increasingly open and interconnected. This requires a shift away from traditional notions of trusted network environments, towards a broader view of what a comprehensive cybersecurity infrastructure really looks like.

A case in point is the attack in May on  SWIFT’s global payment network — a repeat hack which resulted in an $81 million loss for a bank in Bangladesh and smaller losses at other banks, worldwide.

Hackers used new tools and malware to first compromise, then gain entry into a traditional yet highly trusted, interconnected network where they worked unnoticed for months. Then it used a spoof email to fake SWIFT messages and trick the Federal Reserve Bank of New York into wiring money held for Bangladesh to phony accounts in the Philippines. Soon after the theft was discovered, banks in Ecuador, Vietnam and other countries found they too had fallen victim to the same kind of attacks.

Also this spring, seven Iranian computer experts were accused of executing a series of DDoS (distributed denial of services attacks) against 46 major financial institutions in 2011, 2012 and 2013. Called relentless, systematic and widespread by US Attorney General Loretta Lynch, the attacks hit many of the biggest names in the industry including Bank of America, the New York Stock Exchange, Capital One and PNC Bank.

Banks Are High Risk Hacking Targets

Despite the money banks pour into advanced cybersecurity like firewalls, anti-malware, IDS/IPS and endpoint protection tools, the sector remains a prime target of cyber attack. JPMorgan learned this the hard way in 2014, when it suffered what went down in financial services history as the biggest hack ever. The bank spent more than $250 million and had more than 1,000 staffers dedicated to cybersecurity – yet more than 83 million customer records were compromised.

Clearly, JPMorgan was no slouch when it came to cybersecurity. Yet like the others discussed here, it still couldn’t protect itself from cyber attack. Why? A number of factors were, and still are, at play, including:

• Widespread deployment of mobile apps that enable non-secured, customer-owned smartphones and tablets access to sensitive account and customer data.

• Growing adoption of cloud services that provide limited visibility into how data is stored, encrypted and transferred.

• Increasing reliance on third parties via new technologies like open APIs, which provide the potential for new business opportunities, but leave finance firms far more vulnerable to weaknesses in partners’ security postures.

Security “Fabric” Improves Responses To Threat

Stringing together “best of breed” point solutions brings with it misconfigurations, competing alerts and incompatibilities that open doors to would be hackers. A better approach for financial services firms is to implement a collaborative “security fabric” — comprehensive network, endpoint, application, data center, cloud, and access designed to integrate and work together.

A security fabric approach ensures that all security software, sensors and tools talk to each other to collect, coordinate, identify and respond to any potential threat in real-time – without affecting applications or network performance.

What does a comprehensive cybersecurity infrastructure look like for your organization? Join the conversation.