By Kayla Matthews
Cyber attacks are increasingly significant risks in general in today’s society. But some industries face exceptional threats. According to recent reports, the financial sector is one of them.
That’s likely because cybercriminals know the high stakes and the potential to disrupt financial businesses around the world. Here are some of the top takeaways that people should know about this emerging issue.
No Single Preferred Kind of Attack
Cyber attacks would be easy to conquer if the criminals behind them tended to engage in one particular attack most often. Unfortunately, that’s not the case in the financial sector. A couple of things are clear, though: Financial industry attacks are going up and becoming more advanced.
Carbon Black and Optiv teamed up to release a report that specifically looked at cyber attacks in finance. The document became available in March 2019, and 67 percent of the financial services companies surveyed for it reported an increase in those incidents over the past year. Moreover, 79 percent of the respondents said the cyber attacks have gotten more sophisticated.
Additionally, the findings showed a substantial variety in the kinds of attacks the criminals decided to carry out. Of the 79 percent that mentioned more sophisticated attacks, many noted that criminals showed a preference for social engineering or other kinds of attacks that exploited people or processes.
Then, 47 showed an uptick in wire transfer fraud, while there was a 32 percent rise in “island hopping.” This happens when criminals commandeer supply chains and partners to target the primary institution.
The researchers covered home equity loan fraud in the report, indicating it had risen by 31 percent. For those instances, cybercriminals would either target consumers with home equity loans through spear phishing attacks or set their sights on the organizational level by looking for weak points.
Destructive Attacks Soar
An even more worrisome trend is that 26 percent of the financial institutions in the survey reported an increase in destructive attacks in the past year.
In those instances, the perpetrators usually don’t want financial gain but instead seek to punish the financial institutions by destroying their data. The 26 percent statistic may seem small, but it represents a 160 percent increase compared to 2018 data.
The Problem Is an Ongoing and Global One
NTT Security published a different report about worldwide cybersecurity threats in 2019, similarly concluding that cybercriminals increasingly target the finance industry. It showed that they attacked financial brands 17 percent of the time during the last year — tying with the tech sector — and noted that the financial sector had been the most frequently attacked over the last six years.
The research also concluded that, for all global hostile threats, 46 percent of the issues were web-based attacks and 28 percent were service-specific attacks. Although the report did not go into specifics to say where the financial-related incidents usually originated, it clarified that, across all sectors, the cyber threats most often came from the United States and China.
When the report took a region-specific look at attacks in the financial sector, there were some interesting differences. Firstly, in the Americas, financial breaches accounted for 16 percent of attacks in 2018, down from 43 percent in 2017, to indicate a substantial improvement.
On the other hand, attacks on financial brands in Europe, the Middle East and Africa (EMEA) nearly doubled between 2017 and 2018, with that region seeing attacks in the financial sector 22 percent of the time in 2017 and 43 percent a year later.
How Can Financial Brands Get Prepared and Fight Back?
Analysis within the NTT Security research paper asserts that when cybercriminals attack the finance sector, they tend to move away from attacking particular applications and instead look for ways to disrupt operations in widespread ways. As such, the organization believes there could be attacks that affect critical parts of a nation’s infrastructure.
If the electrical grid were to be compromised by hackers, banks couldn’t keep operating for very long. Statistics show that the cost of downtime for financial brands with online brokerages is $6.48 million per hour. Banks can prepare for electrical outages that compromise their data center operations by securing emergency fuel supplies.
Experts also say it’s helpful for financial institutions to team up and share ideas to safeguard themselves from cyberattacks. Some of them point out that newer financial brands have the advantage of more modern systems, meaning they don’t need to upgrade legacy equipment. However, those younger entities may focus on scaling up first and treat cybersecurity as an afterthought. Soliciting advice from the broader industry could aid preparations.
Finance brands are investing more in artificial intelligence, too. Some of the solutions they choose that use the technology are customer-facing, such as those with recognition capabilities that let people show documents and set up new accounts without visiting branches. But AI can also assist with fraud prevention and stopping cybersecurity breaches.
In Canada, the head of the nation’s cybersecurity organization specifically appealed to bankers to work with the agency as part of an aim to show hackers that Canada is not an appealing target for their orchestrated attempts. Other collaborations between financial institutions and national cybersecurity branches could stimulate more progress than banks might achieve without help.
A Pressing Problem
The research shows that financial brands cannot afford to be complacent when it comes to cyber attacks.
They’re becoming more frequent and diverse. Financial institutions need to adopt the mindset of “not if, but when” as they get equipped to prevent and minimize the damage from cyber attacks.