Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.
The western allies have implemented unprecedented, crushing sanctions against Russia since it invaded Ukraine two weeks ago. Their impact on the Russian economy has been severe, but many experts fear the Kremlin could retaliate with cyberattacks.
Reuters reports that U.S. banks are preparing for Russian cyberattacks, although other reports suggest that Russia is likely still weighing its options. During a press briefing on March 5, White House press secretary Jen Psaki said the U.S. is prepared if cyberattacks do happen.
How real is the threat of cyberattacks—and can you trust your bank to protect your money and your personal information? We spoke with experts to learn more.
How Russia Engages in Cyber Warfare
Russia has already demonstrated its ability to engage in direct cyberattacks against governments, including Ukraine.
In 2015, Russian hackers breached the Ukrainian power grid, resulting in nationwide outages. In 2017, it installed malware on Ukraine’s accounting software, which spread across the world and caused billions in dollars in damages and disruption.
“The Russian government understands that disabling or destroying critical infrastructure—including power and communications—can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” reads guidance from the Cybersecurity & Infrastructure Security Agency (CISA), a federal agency.
As the situation has intensified, U.S. officials have expressed concern that Russia could deploy cyberwarfare attacks on government or corporate targets in the West.
“Russia’s unprovoked attack on Ukraine, which has been accompanied by cyber-attacks on the Ukrainian government and critical infrastructure organizations, may have consequences for our own nation’s critical infrastructure, a potential we’ve been warning about for months,” reads the statement from CISA.
Though there may be a heightened sense of alert right now, cyberattacks on banks aren’t new; even in times of peace, financial systems are regular targets and already have experienced breaches.
In 2021, Chase Bank, Morgan Stanley, Robinhood and other financial institutions reported either falling victim to data breaches or experiencing phishing attempts, according to the Carnegie Endowment for International Peace.
Large-scale cyberattacks aim to disrupt economies; small-scale ones focus on stealing from consumers; experts say Russia is capable of both. Hackers that target banks are usually after personal data that can be used to impersonate someone and gain access to things like bank accounts, says Stephan Gonzalez, vice president of technology risk at Achieva Credit Union.
“It all comes down to money, some way or another,” Gonzalez says. “And no consumer is too small for an attack.”
What Do Cyberattackers Want?
Large-scale cyberattacks aim to cause as much damage as possible, says Lal, usually by crippling infrastructure or aspects of the economy. A recent example includes the Colonial Pipeline incident, where Russian-affiliated hackers took down the largest fuel pipeline in the country, leading to fuel shortages along the East Coast. The hack was accomplished with a single compromised password.
Experts are using the threat of Russian cyberattacks as an opportunity to remind consumers and businesses that these threats aren’t new—and they need to be vigilant in protecting themselves.
“This is a real threat that’s here to stay, and it’s not just because we have an incident currently going on in Russia and Ukraine,” says Anurag Lal, VP and CEO of Netsfere and former director of the U.S. National Broadband Task Force for the FCC under President Obama.
The financial services industry is intertwined and if one part is hacked, it can have ripple effects that negatively impacts other parts. If payment processors were taken offline by an attack, for example, stock exchange transactions would come to a halt. If third-party providers, such as data storage services or electric utilities were compromised, millions of people and businesses could lose power.
Since they’re regularly targeted, financial systems spend a lot of money preparing for and guarding against attacks. In November 2021, the Securities Industry and Financial Markets Association, a trade association, led a global ransomware drill to practice fighting against such attacks. The drill included over 240 public and private sector institutions, including financial firms and central banks.
Big banks allocate hefty percentages of their budget toward cybersecurity; Bank of America, for example, spends $1 billion annually on its cybersecurity efforts.
How You Can Protect Yourself from a Cyberattack
A large-scale cyberattack sounds scary, and in most cases, there’s little you can do to protect yourself from being exposed to its consequences. Experts say consumers should be more concerned about smaller-scale attacks, especially when it comes to keeping their personal data safe.
Knowing how cyberattacks work, and what you can do to prevent your data from being compromised, is key to preventing your personal information from being breached. However, it’s important to note these are best practices but there no surefire way to fully protect yourself from data breaches.
Cyberattacks occur through a variety of methods, including:
- Phishing is the act of sending fraudulent communications through email or text message, usually posing as a legitimate institution, in an effort to steal sensitive data or install malware on the victim’s machine.
- Malware is software, such as viruses, spyware and ransomware that is installed after a user clicks on a dangerous link or email attachment. Malware can block access to parts of a network and transmit data from a hard drive.
Aside from being diligent with identifying potential scams and hack attempts, there are other ways to keep your accounts safe:
- Use longer passphrases in your passwords. Using passphrases (a long combination of words) in your passwords is more effective than using a complex password with special characters, and should be at least 12 characters long. Combining unrelated words to create a passphrase makes it more difficult for hackers to crack.
- Enroll in two-factor authentication. Two-factor authentication provides an extra layer of security by requiring you to complete an extra step after entering your password, usually by sending a verification code to your phone or email which you then enter to complete your login. Most banks offer this as a login option.
- Be careful of who you give personal information to. Gonzalez says hackers will commonly create fake giveaways to sign-up for so they can access identifying information to use for impersonating you and illegally accessing your accounts.
Read more: 8 Common Bank Scams (And How To Avoid Them)