New Report Reveals Troubling Security Gaps At Midmarket Banks

The report data was compiled from penetration tests conducted at 350 regional and community banks across the country.

Banking and the financial industry overall are among the biggest targets for cyberattacks. One report revealed that the financial services industry saw a 177 percent increase in cyber incidents from 2022 to 2023.

Large banks and financial institutions have the means to employ the most sophisticated cybersecurity technologies and hire highly skilled security staff.

Smaller and midsize banks are faring worse, according to a new report from Neovera, an enterprise managed cybersecurity and IT services provider.

Neovera compiled data from penetration tests conducted at 350 regional and community banks across the country that manage assets ranging from $200 million to $45 billion daily. The tests were conducted from August 2023 to August 2024.

Here are some key takeaways from Neovera’s report:

“A good example of password issues is something we’ve seen time and time at midmarket banks. They might set a strong password for wireless internet but not realize that there’s also a blank/default password for the actual router itself, which, if not changed, could be an access point for hackers. A lot of times, it comes down to a lack of cybersecurity expertise,” said Scott Weinberg, Neovera founder and CEO.

“Some systems need legacy protocols, like NetBIOS. While these types of protocols are outdated and more susceptible to exploitation, you can’t stop using them if they’re required to keep applications running smoothly. It’s just essential to isolate these systems from the rest of your network.

“If we can find these issues on an initial penetration test, hackers can too.

“At the end of the day banks are major targets for hackers, and no size organization is off limits. Community and regional banks manage millions to billions of dollars in assets every day, which can mean big paydays for ransomware attacks. That’s why these organizations need true awareness of what’s happening with their cybersecurity posture. That includes continuous monitoring, strong vulnerability and patch management programs, data encryption, endpoint protection and more. If you don’t have a team focused on this today, it’s time to connect with a partner who can help,” he added.
