Cybercrime is rampant. It isn’t just something the news is trumping up for sensationalism. There are two big estimates, neither are reliable but as reliable as possible currently. In 2009, President Barrack Obama is quoted as referring to MacAfee’s estimate of a $1 Trillion cost to the world due to cybercrime. Fox Business reported MacAfee’s new estimate in 2013 as being $500 Billion globally. Either way, this is a very large cost for something that legitimate consumers and businesses do not get a benefit from. Retailers have been hit with cybercrime that cost them millions. Retailer Target was probably the most notable event that got people’s attention back during the 2013 holiday season, which kicked off a number of other reported retailer victims of cybercrime. And then there was this past winter when Kaspersky discovered how a group called Carbanak stole $350 Million from European banks through a patient and meticulously executed breaches.
Bank employees are particularly vulnerable to being victims and to being the gate for their banks to being victims. Many banks are using SecurID and other token-based login systems with VPN connections with the help of services by the likes of Citrix. These tools allow the bank to take control over the user, not just to prevent entry. It also allows the banks to provide offsite connections to their employees.
I have yet to hear any major bank in the world also implementing a password manager. A password manager is a piece of software that provides a unique password to every password-requiring entry-point and a password to the user with a password that is very difficult to crack, usually very long. But the user would only have to remember this one very long password. The theory is that it is far more difficult to crack a single super-password than to crack many easy ones. The data seems to bear this out. People with password managers have far less identity thefts, data thefts and other types of cybercrime.
There are always exceptions that provide some perspective about the limitations of a better solution. LastPass, one of the most popular password managers, was breached just six weeks ago. But since banks are already relying on vendor services for secured communications, shouldn’t banks improve their communication channel entry-points? The answer, of course, is “Yes.”