Why Financial Services is more vulnerable than ever, and what cyber threats to defend against
While financial services companies have always been a prime target for cybercrime, there are two critical reasons why they are more vulnerable than ever before.
First, financial services companies have dramatically accelerated their digital transformations given the need to close their facilities, send their workers home, and move their transactions online as a result of the pandemic. To do so, companies digitized many of their processes and moved parts of their infrastructure to the Cloud.
These changes are very unlikely to be reversed. On the contrary, McKinsey argues that financial institutions have the highest chance of maintaining remote and hybrid work models, as three-quarters of their employees’ time can be used productively out of the office. Even more important, customers have come to enjoy simple, instant online services, and they will continue to expect abundant digital touchpoints.
Unfortunately, this permanent transformation has made financial services companies bigger and softer targets for cybercrime. This is because companies now operate a massive range of new applications, devices, and infrastructure components — any of which could offer cybercriminals an open door into the company’s network and its data.
This leads to our second point: Financial services companies are more appealing targets than ever, and thus they face an increasing volume of attacks.
When financial services companies went all-digital, they began to produce a lot more data than before. They leverage more applications, creating and exchanging data with every interaction — whether a financial operation or a transaction. This data is valuable to cybercriminals. They can sell it, or use it to commit fraud, or threaten to dump it during a ransomware attack.
In summary: Financial services companies now face an increasing tide of vulnerabilities and cyber-attacks due to permanent trends. Therefore, companies must know what threats they now face and use this information to raise effective defenses against them.
Today’s Threats: What Financial Services Must Defend Against
Verizon recently released its 2021 Data Breach Investigation Report (DBIR).
In it, Verizon shares data on 80,000 security incidents that had been reported over the prior year. The data is collected from 83 contributing security organizations, including Atos. From it, a clear picture emerges of which vulnerabilities and attacks are most common in today’s threat landscape.
Here is what the 2021 DBIR teaches us about the threats that financial services face.
At a top level, financial services companies are primarily being targeted with phishing, ransomware, and credential-based attacks. Additionally, cybercriminals primarily targeted personal data, credentials, and internal banking data. Specifically, criminals on forums were often discussing bank account and credit card-related information.
These attacks are primarily financially motivated. Most malicious actors who target financial services companies belong to organized crime groups, but internal actors caused 44% of breaches.
Financial services companies are also increasingly under the thumb of regulators. This is because they are working with more sensitive and confidential information than before, and regulators are increasingly focused on making sure these companies can understand, map, and report on their exposure to cyber risk.
The DBIR provided additional key findings, including:
- Phishing increased by 11%.
- Credentials were involved in 61% of breaches.
- Ransomware is up to 10% of all breaches, likely due to new tactics utilized by the attacker.
- The human element was involved in 85% of all breaches. This includes many actions such as social engineering, malware, misuse, and lost and stolen assets.
- Web Application Attacks remain high as they have in previous years.
Next Steps: Defending Your Financial Services Company
Financial services companies must find a way to maintain a highly productive remote or hybrid workforce while maintaining high defenses, protecting their employees’ identities, enforcing access policies, and monitoring and hunting the growing wave of threats that target them.
As the traditional network perimeter continues to change, it’s necessary to establish new security boundaries that enforce the security policy at a range of architectural levels, for people and processes as well as at a technical level. It will be necessary to develop plans to adopt a Zero Trust architecture in order to have the assurance that data is used only by deliberately authorized entities and that all interactions are properly verified.