M&T Bank Shores Up Defenses Against Malware - InformationWeek
9/23/2005
03:42 PM

M&T Bank Shores Up Defenses Against Malware

Aggressive use of security software and strict data-management policies have helped the bank fight off online attacks.

Four days after signing a contract with Symantec Corp. in April, M&T Bank was hit with a phishing attack in which a barrage of 15 million E-mails was sent to customers to trick them into revealing their passwords. The upshot was that the bank received a total of seven phone calls related to the incident. The Symantec anti-fraud software had detected the fraudulent E-mails and alerted M&T's customers to disregard them.

M&T Bank, a $53-billion asset bank based in Buffalo, N.Y., takes seriously the threats posed by perpetrators of phishing and pharming attacks, as well as spam, spyware, and identity theft. It's gotten hit with two phishing attacks in the past six months as perpetrators have gone down-market: Where they used to target the largest banks, they're now going after mid-tier banks like M&T.

M&T has made Symantec's Online Fraud Management Solution the crux of its strategy for combating online fraud. The system blocks fraudulent E-mails from reaching consumers and alerts the bank that customers are under attack. It also provides education and tools for customers to conduct their own desktop security assessments. M&T is offering customers a 20% discount on additional Symantec products for eliminating spyware, viruses, and other forms of malware.

To guard against customer information being lost or stolen, M&T has adopted a policy of not allowing such data to be stored on laptops; instead, information is only stored at a central location where it can be monitored. The goal is to avoid joining the list of banks that have had to notify customers of a security breach, says Matt Speare, M&T's chief information security officer.

Thanks to an aggressive and proactive patch management policy, the bank has suffered little damage from Internet-based attacks such as the recent Zotob virus, which affected only about 20 of the bank's several thousand servers. However, the number and virulence of attacks are increasing, says Speare. The greatest risk is from "supervariants" that combine attack elements, such as distributed denial-of-service and the ability to steal information. "It is going to happen," Speare says. "Someone is going to figure out how to combine four or five attack vectors and start grabbing credit card and Social Security numbers."

Internally, M&T has built up its defenses inside the perimeter. An "application security firewall," using software from Teros Inc., prevents hackers from using techniques such as SQL injection to gain access to sensitive databases. The application security firewall sits right behind the network firewall; when it detects a string of unfamiliar characters in a message from an online app, it automatically terminates the session.

Speare's 50-person group is involved from the start with every technology project that gets generated by the bank's lines of business. The information security staff is "in lockstep" with the corporate security and compliance departments, he says.
