M&T Bank Shores Up Defenses Against Malware - InformationWeek
IoT
IoT
Infrastructure
News
9/23/2005
03:42 PM
50%
50%
RELATED EVENTS
[Cybersecurity] Costs, Risks, & Benefits
Feb 28, 2017
How much should your organization spend on information security? What's the potential cost of a ma ...Read More>>

M&T Bank Shores Up Defenses Against Malware

Aggressive use of security software and strict data-management policies have helped the bank fight off online attacks.

Four days after signing a contract with Symantec Corp. in April, M&T Bank got hit with a phishing attack in which a barrage of 15 million E-mails got sent to customers with the purpose of tricking them into revealing their passwords. The upshot was that the bank received a total of seven phone calls related to the incident. The Symantec anti-fraud software had detected the fraudulent E-mails and alerted M&T's customers to disregard them.

M&T Bank, a $53-billion asset bank based in Buffalo, N.Y., takes seriously the threats posed by perpetrators of phishing and pharming attacks, as well as spam, spyware, and identity theft. It's gotten hit with two phishing attacks in the past six months as perpetrators have gone down-market: Where they used to target the largest banks, they're now going after mid-tier banks like M&T.

M&T has made Symantec's Online Fraud Management Solution the crux of its strategy for combating online fraud. The system blocks fraudulent E-mails from reaching consumers and alerts the bank that customers are under attack. It also provides education and tools for customers to conduct their own desktop security assessments. M&T is offering customers a 20% discount on additional Symantec products for eliminating spyware, viruses, and other forms of malware.

To guard against customer information being lost or stolen, M&T has adopted a policy of not allowing such data to be stored on laptops; instead, information is only stored at a central location where it can be monitored. The goal is to avoid joining the list of banks that have had to notify customers of a security breach, says Matt Speare, M&T's chief information security officer.

Thanks to an aggressive and proactive patch management policy, the bank has suffered little damage from Internet-based attacks such as the recent Zotob virus, which affected only about 20 of the bank's several thousand servers. However, the number and virulence of attacks are increasing, says Speare. The greatest risk is from "supervariants" that combine attack elements, such as distributed denial-of-service and the ability to steal information. "It is going to happen," Speare says. "Someone is going to figure out how to combine four or five attack vectors and start grabbing credit card and Social Security numbers."

Internally, M&T has built up its defenses inside the perimeter. An "application security firewall," using software from Teros Inc., prevents hackers from using techniques such as SQL injection to gain access to sensitive databases. The application security firewall sits right behind the network firewall; when it detects a string of unfamiliar characters in a message from an online app, it automatically terminates the session.

Speare's 50-person group is involved from the start with every technology project that gets generated by the bank's lines of business. The information security staff is "in lockstep" with the corporate security and compliance departments, he says.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll