Aggressive use of security software and strict data-management policies have helped the bank fight off online attacks.
Four days after signing a contract with Symantec Corp. in April, M&T Bank got hit with a phishing attack in which a barrage of 15 million E-mails got sent to customers with the purpose of tricking them into revealing their passwords. The upshot was that the bank received a total of seven phone calls related to the incident. The Symantec anti-fraud software had detected the fraudulent E-mails and alerted M&T's customers to disregard them.
M&T Bank, a $53-billion asset bank based in Buffalo, N.Y., takes seriously the threats posed by perpetrators of phishing and pharming attacks, as well as spam, spyware, and identity theft. It's gotten hit with two phishing attacks in the past six months as perpetrators have gone down-market: Where they used to target the largest banks, they're now going after mid-tier banks like M&T.
M&T has made Symantec's Online Fraud Management Solution the crux of its strategy for combating online fraud. The system blocks fraudulent E-mails from reaching consumers and alerts the bank that customers are under attack. It also provides education and tools for customers to conduct their own desktop security assessments. M&T is offering customers a 20% discount on additional Symantec products for eliminating spyware, viruses, and other forms of malware.
To guard against customer information being lost or stolen, M&T has adopted a policy of not allowing such data to be stored on laptops; instead, information is only stored at a central location where it can be monitored. The goal is to avoid joining the list of banks that have had to notify customers of a security breach, says Matt Speare, M&T's chief information security officer.
Thanks to an aggressive and proactive patch management policy, the bank has suffered little damage from Internet-based attacks such as the recent Zotob virus, which affected only about 20 of the bank's several thousand servers. However, the number and virulence of attacks are increasing, says Speare. The greatest risk is from "supervariants" that combine attack elements, such as distributed denial-of-service and the ability to steal information. "It is going to happen," Speare says. "Someone is going to figure out how to combine four or five attack vectors and start grabbing credit card and Social Security numbers."
Internally, M&T has built up its defenses inside the perimeter. An "application security firewall," using software from Teros Inc., prevents hackers from using techniques such as SQL injection to gain access to sensitive databases. The application security firewall sits right behind the network firewall; when it detects a string of unfamiliar characters in a message from an online app, it automatically terminates the session.
Speare's 50-person group is involved from the start with every technology project that gets generated by the bank's lines of business. The information security staff is "in lockstep" with the corporate security and compliance departments, he says.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.