Financial services organizations operate with high volumes of valuable data, making them an attractive target for hackers. They are vulnerable to scams, fraud and banking Trojans, so data security in this sector is critical. IT executives struggle to optimize cybersecurity, as they often deal with low budgets and a lack of skilled workers to implement better security. These are top roadblocks, especially as open banking exposes their data and infrastructure to third-party vulnerabilities.
The financial services industry falls victim to cybersecurity attacks 300 times more often than any other. 47.5% of financial institutions were breached in the past year, while 58.5% have experienced an advanced attack or seen signs of suspicious behavior in their infrastructure, according to a Bitdefender white paper.
A look back on 2018 shows the financial services industry turned out to be the most at risk, with security incidents and breaches skyrocketing. Top threats to the financial services industry include cloud security and third-party risks, while the most prevalent techniques are DDoS, social engineering, spear-phishing, ransomware and insider threats, according to a Bitdefender white paper.
The financial services industry has been one of the most targeted in 2018, with third-party risks still the main cause of data breaches in this sector. Almost 50 percent of financial institutions were breached in the past year, found a survey conducted by Bitdefender, while almost 60 percent experienced an advanced persistent attack or seen signs of suspicious behavior in their infrastructure.
As many as 93 percent of companies in the Forbes Global 2000 list don’t include a vulnerability disclosure policy among top business concerns, according to HackerOne’s The Hacker-Powered Security Report 2018, a deep dive into bug bounty and vulnerability disclosure in the financial services and insurance industries.
Bitdefender has recently investigated a series of advanced cyberattacks aimed at financial institutions, designed to covertly exfiltrate massive amounts of money in coordinated strikes.
Businesses cannot come up with a mitigation strategy to efficiently detect, identify and manage insider threats, according to research from the Ponemon Institute, so they risk the loss of critical confidential data and resources, network shutdown and reputational damage. In the past year, 159 organizations from the United States, Canada, Europe, Middle East, Africa, and the Asia-Pacific region dealt with 3,269 security breaches caused by insider threats due to plain negligence.
The ease-of-exploit rating has made the financial sector a cybercrime magnet for years, especially for targeted extortion attacks. The industry has fallen victim to numerous security breaches, data exfiltration hacks, DDoS attacks taking down global online operations and disrupting services, and has lost millions to malware and ransomware attacks. So what’s next?
Ever since the first data breach notification law went into effect July 1, 2003 in California (SB 1386), there has been controversy surrounding what types of data being exposed should trigger data breach notifications, who should be notified, and how quickly they should be notified. In fact, it’s become somewhat of a mess.
It’s hard to believe but the conversation around how security fits in DevOps has been going on for years. It was in 2012 when Gartner analyst Neil MacDonald wrote his blog DevOps Needs to Become DevOpsSec. In this blog MacDonald wrote “DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT.”
A recent cyberattack on India’s City Union Bank abused the SWIFT global payments platform to transfer $2 million into accounts in Dubai, Turkey and China. While details of the cyberattack were not made public as the incident is still under investigation, officials claim hackers disabled the bank’s SWIFT-connected printer on Feb. 6, preventing City Union Bank from receiving any acknowledgement messages for the three fraudulent transactions.
In the past two years, cyberattacks on the financial sector have picked up speed. As companies in the sector struggle with the major shift toward digital transformation, some are caught off guard by the significant rise of malware designed specifically to target their sector, such as Dyre Trojan, Dridex, hybrid banking Trojan GozNym and TrickBot. Once the network is infiltrated, hackers can easily steal, read, alter and even erase top secret information.
