This digital transformation is seeing the financial services industry increasingly turning to online portals, social media, and mobile apps in order to satisfy an ever more demanding customer base – people now expect everything to be done here and now with a minimum of fuss. Paradoxically, these new digital platforms, along with a more competitive landscape where we are seeing lower costs and a lower barrier to entry, are making it even easier for cybercriminals to exploit customers. Indeed, with more and more people turning to online banking and using 3rd party apps, cybercriminals are now able to target an even larger pool of victims.
Open Banking is a great illustration of all of this. Essentially Open Banking is a series of reforms that deal with how banks deal with consumer financial information. What it will effectively do is break the monopoly that banks once had over their customer’s account information. By doing so it will allow a new ‘generation’ of 3rd party businesses to compete with financial services organizations to be able to access customer data. All well and good you might think but there are new security challenges to face with these new organizations suddenly being able to access all of this consumer financial data. Where you now have sensitive data passing via an open interface, it becomes extremely vulnerable to cyberattack.
We have already seen in the UK, customers banking with the likes of Barclays, HSBC and Lloyds Bank to name but a few, being targeted by criminals via the malicious use of banking trojans. Such activity targets customers by spamming them with emails containing a type of virus essentially – clicking on a link within the email effectively allows the hackers in and then they are free to do what they want.
So what do the statistics on financial services cybercrime tell us? Well, for example, a very recent report by ZeroFOX suggested a 56% year-over-year increase in digital threats targeting the financial space. As part of the report, researchers scanned 2.9 billion pieces of content and found more than 8.9 million security events in a 12-month period. Interestingly, the report showed that financial services firms are more prone to corporate social media account takeover. Unsurprisingly, fraud made up 40% of all cyberattack activity against financial services including money-flipping schemes, customer giveaway scams and scams related to cryptocurrency; fake mobile apps also made an appearance.
Another report by Fortinet illustrates the impact that cyber threats have had on several industries, including financial services. It highlighted the massive growth in one particular threat, Coinhive which focuses on Monero cryptocurrency – cybercriminals were able to install JavaScript files onto compromised websites and make illicit gains. And even though the cybercriminals were eventually thwarted by the dismantling of Coinhive, those behind the attacks will be developing new ways of launching successful attacks.
And let us not forget that financial services firms are also under the regulatory microscope; here in the UK, the FCA is able to levy fines on those organizations that are found to be wanting if their customers suffer due to a cyber attack.
There are practices that organizations can put into action, especially those that promote governance and put cyber risk on the board agenda. How many big fines need to be paid before the C-suite understands the importance of proper investment in solutions and training that can help to defend from attack? Organizations need to be identifying and protecting information assets, they need to be alert for emerging threats and they need to be ready to respond. Also, keep testing and refining defenses – cybercrime techniques advance at a rapid pace.
Ultimately, there is no silver bullet to defend against all of these growing and ever-more sophisticated attacks. The potential rewards for cybercriminals targeting financial institutions can be potentially staggering and so those organizations in this industry must rely on threat intelligence in order to identify threats and understand the impact that a cyberattack could have on network security and customer confidence. Such threat intelligence highlights those threats that are perhaps no longer active but where there is still a cycle of risk development; just like a medusa, when one threat is vanquished another quickly fills the void.
If you have any questions about how we can help you optimize you protect your business against cyberattacks, contact us today to help you out with your performance and security needs.
Latest Articles
Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]
What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]
73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]
Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices. But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]