The success of the Carbanak malware used to steal over $1bn from 100 banks in more than 30 regions across the world proves the need for better cyber security employee awareness, according to researchers.
Carbanak was uncovered by researchers at Kaspersky and is believed to have been one of the most successful cyber attack campaigns against the finance industry in recent memory.
The Carbanak threat is listed as dangerous as it mounts an ongoing surveillance operation targeting administrators.
It is focused on finding undetectable ways into systems such as money processing services, ATMs and financial accounts, before actually stealing money.
However, despite its technical proficiency, many researchers have said that the most interesting feature of Carbanak is that the primary infection mechanism is a phishing message.
Andy Settle, chief cyber security consultant and head of practice at Thales UK, argued that the use of phishing emails proves the need for more robust cyber security education programmes.
"Perhaps the most salient point for organisations is that this was only achieved due to human error," he said.
"Without unsuspecting employees clicking on the spear phishing links, the criminals would never have been able to infiltrate and control the network.
"If anything, this illustrates that people will always present an organisation's biggest weakness, no matter how good its technological defences.
"Organisations need to ensure not only that they have confidence in the ability and integrity of staff and contractors, but that they have adequate measures to address matters when they do go wrong."
KPMG cyber security team member Konrads Smelkovs mirrored Settle's sentiment, arguing that it was the attackers' persistence that made Carbanak so effective.
"The tools used by these cybercrime gangs weren't particularly sophisticated. It was the persistence and cautious approach of the criminals that netted them the prize," he said.
Kevin Epstein, vice president of advanced security and governance at Proofpoint, similarly played down Carbanak's importance, saying that we will see similar, if not more dangerous, attacks in the very near future.
"This is a classic attack remarkable only for the level of loss, which is unlikely to remain record-setting for long," he said.
"We see and block these attacks every hour of every day. Banking malware and phishing tactics are evolving faster than banks' gateway appliances can update.
"The magnitude should serve as a wake-up call for any institution not yet using modern cloud-based targeted attack protection and threat response systems.
"For companies using legacy anti-spam systems, it is only a matter of time - possibly hours - until the next breach."
Martin Lee, cybercrime manager at Alert Logic, added that companies will have to rethink their security strategies and invest in intelligence-based detection technologies to truly protect against attacks like Carbanak.
"These types of attack underline how difficult it is to discover bespoke pieces of malware using traditional signature-based detection methods," he said.
"Organisations need to routinely collect data so that they can spot anomalies, and have the resources to conduct investigations to identify the root cause.
"Only through constant vigilance and paranoia at being infiltrated can organisations hope to detect and react to attacks such as these. If an attacker knows your systems and procedures better than your own IT staff, it will be a tough fight to detect and unseat the attacker."
Lee is one of many security professionals to argue that perimeter-based defences are no longer effective.
Researchers highlighted a wave of attacks targeting zero-day vulnerabilities in Adobe Flash earlier this year as evidence that legacy defences are simply not adequate.
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps