65% of major U.S. banks have failed web security testing

Hawaii Intelligence Digest, 04 July 2017, 00:50 hrs, UTC, Post #246.



Author:  “IBS Journal”.

Accessed on 04 July 2017, 00:50 hrs, UTC.

Please click link to read the full report.


After reading this report from the “IBS Journal”, you may want to rethink how much faith you have in your local bank.  According to the non-profit Online Trust Alliance (OTA), anonymous testing of more than 1,000 financial websites shows that many U.S. banks “were among the worst for security and privacy.”  Most of the issues related to poor security for e-mails and online banking services.  Although the American Bankers Association denied the findings of the study, the message is clear:

“Look away now if you’re a US banking customer, as only 27% of the 100 largest banks in the country made the grade. The figure represents a 28% drop from 2016. According to the OTA, the sector had been showing signs of improvement. Yet, due to “increased breaches, low privacy scores and low levels of email authentication,” things have slipped.”

This is not good news for those of us who use online banking and financial services.  Given the uptick in ransomware and other malware targeting the U.S. economic infrastructure, banking online is becoming a risky proposition.


This article should be a wake-up call for all of us.  Apparently, security protocols followed by many of our larger banks are insufficient to protect their accounts.  According to Phil Lieberman, CEO of Lieberman Software, a U.S. security company, “most of the serious intrusions are from dumb mistakes made by companies that are easily remediated by a consistent approach to managing access, security and looking for significant anomalies.” Lieberman says simple, effective countermeasures are available, including “air gap, rate limiting, IP reputation, and improving identity management.”  If these measures are readily available, why haven’t these banks taken steps to implement these basic security and privacy protection measures?  There is no excuse for this irresponsible behavior.

Having been a victim of identity theft, I’ve taken a few steps to protect my personal data–some of which may interest you.  First, I don’t bank online or use ATMs.  There have been too many data breaches to suit my taste.  Going to the bank in person is inconvenient, but necessary until online security is improved.  Second, I limit my exposure on social media, which, until recently, have been lax in enforcing their own protective protocols. You don’t have to share your life with the world.  Data mining hackers can take over your personal life if you aren’t careful.  Third, I’ve added as many security layers to my blogs and websites as I can, including more complex passwords, anti-malware and anti-ransomware programs, and more frequent browser and OS updates.  And finally, I never open suspicious e-mails, strange attachments, or notices from people I don’t know.

While these measures seem a bit extreme, they are necessary in this digital age where cyber criminals and cyber warfare teams seemingly penetrate our national infrastructure with incredible ease. Hopefully, you’ll never become a ransomware target. But why take the chance?  Being an identity theft victim is no fun.  It took me months to restore my credit.  You can start by making sure your bank or financial institution is secure.  If it’s not, don’t bank online.

For the latest trends in geopolitical intelligence, strategic forecasting, terrorism, politics, and cybersecurity, please check the blog sidebars. These news feeds are updated daily.

For a daily update of geopolitical intelligence and cybersecurity issues, please visit my Daily Intelligence Briefing at https://paper.li/f-1482109921.

Opinions expressed in this blog are mine unless otherwise stated.

Thanks for joining us today.

Until next time,

Russell Roberts

Hawaii Intelligence Digest



