Community
Banks and financial institutions are responsible for customer’s money and sensitive financial information and are held to a higher standard for security. Data breaches can have severe consequences and cost a bank much more than just stolen information or funds. A cyberattack can significantly damage a company’s reputation, tarnishing its image for years and costing it customers over time. A successful data breach also diverts time and resources from a bank’s usual operations to fixing the problem. Banks have a lot to loose from a breach but fortunately there is also a lot they can do to protect their data and the data of their customers. To do so, they must understand the nature of cyberattacks in the financial services industry and what security measures will most effectively reduce their risks.
According to the 2019 Data Breach Investigations Report (DBIR), 88 percent of all cyber incidents within the financial services and insurance industries were financially motivated. Cyber attackers look for the easiest path possible to financial gain and the financial services industry can be a cash cow. Within the space, many cyberattacks target web applications (like cloud-based email) with the use of phishing and stolen credentials. Threat actors send phishing scams to trick users into sharing their email credentials and then use these stolen credentials to access the email account and other company systems. From there, the attacker can send fraudulent emails to customers and request funds from other employees.
Phishing has been a security concern for years but the threat continues to evolve. It’s not just rank-and-file employees who get caught in these scams – C-level executives are increasingly the target in phishing attacks. The DBIR found that senior executives were twelve times more likely to be the target of a phishing attempt than in previous years. Click-through rates on phishing links are declining (in test simulations, rates fell from 24 percent to 3 percent in the past seven years) but research shows that mobile users are more susceptible to phishing.
Cyber attackers also steal credentials or compromise financial accounts via banking Trojan botnets – malware designed to capture login details and steal information. Denial of Service (DoS) attacks are now common and are used by attackers to disrupt services by flooding the bandwidth of a system to overload it. These kinds of attacks are pervasive – data shows over 40,000 breaches in the financial sector associated with botnets and 575 DOS incidents.
While the majority of breaches in the financial services industry are perpetrated by external actors (72 percent of threat actors are external), privilege misuse and miscellaneous errors by internal actors are also common. Misuse is characterized as the unapproved or malicious use of organizational resources. Employees may misuse their access for personal gain – either to steal money directly or to take sensitive information to give them an advantage at another company. Internal actor involvement in a data breach, however, does not necessarily indicate malicious intentions. Miscellaneous errors include incidents in which unintentional actions result in a security compromise, such as misconfiguring servers to allow for unwanted access or publishing data to a server that should not have been accessible by all site viewers.
Physical attacks against ATMs and card-present breaches involving point-of-sale environments continue to decline, at least in part because of the progress made in the implementation of chip and pin payment technology. While it is much less common for cards to be skimmed a cash registers, banks and retailers must now combat malware attacks on e-commerce applications that gather users’ payment information.
The good news is financial service organizations can take several steps to lower their risk of a data breach and defend against different means of attack common in their industry. The cybersecurity measures and methods that financial companies should consider include:
Companies can reduce their risk of cyberattack by remaining vigilant about system activity and access, implementing authentication safeguards and by training employees to be aware of phishing attempts. These security measures can help financial services companies from falling victim to data breaches and keep their customers – and their money – safe from cyberattacks.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Boris Bialek Vice President and Field CTO, Industry Solutions at MongoDB
11 December
Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global
10 December
Barley Laing UK Managing Director at Melissa
Scott Dawson CEO at DECTA
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.