Are Financial Services the Golden Goose for Cybercriminals?

This article originally appeared in November 2019 issue of Cyber Defense Magazine

 

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

The financial services industry has been a long-time favorite target for cybercriminals. They are always looking to steal information related to payment cards, online accounts, and ATM machines. The cybersecurity landscape is constantly shifting and changing and the threatscape is no different – threats such as ransomware or crypto mining are continuously evolving and others, new forms of malware are constantly presenting themselves.

As the financial services sector joins other industries in a journey of digital transformation, they face the challenges of blending new technologies with legacy systems, whilst also having to meet ever-changing compliance standards.

Credit card – online shopping and payments

This digital transformation is seeing the financial services industry increasingly turning to online portals, social media, and mobile apps in order to satisfy an ever more demanding customer base – people now expect everything to be done here and now with a minimum of fuss. Paradoxically, these new digital platforms, along with a more competitive landscape where we are seeing lower costs and a lower barrier to entry, are making it even easier for cybercriminals to exploit customers. Indeed, with more and more people turning to online banking and using 3rd party apps, cybercriminals are now able to target an even larger pool of victims.

Open Banking is a great illustration of all of this. Essentially Open Banking is a series of reforms that deal with how banks deal with consumer financial information. What it will effectively do is break the monopoly that banks once had over their customer’s account information. By doing so it will allow a new ‘generation’ of 3rd party businesses to compete with financial services organizations to be able to access customer data. All well and good you might think but there are new security challenges to face with these new organizations suddenly being able to access all of this consumer financial data. Where you now have sensitive data passing via an open interface, it becomes extremely vulnerable to cyberattack.

We have already seen in the UK, customers banking with the likes of Barclays, HSBC and Lloyds Bank to name but a few, being targeted by criminals via the malicious use of banking trojans. Such activity targets customers by spamming them with emails containing a type of virus essentially – clicking on a link within the email effectively allows the hackers in and then they are free to do what they want.

So what do the statistics on financial services cybercrime tell us? Well, for example, a very recent report by ZeroFOX suggested a 56% year-over-year increase in digital threats targeting the financial space. As part of the report, researchers scanned 2.9 billion pieces of content and found more than 8.9 million security events in a 12-month period. Interestingly, the report showed that financial services firms are more prone to corporate social media account takeover. Unsurprisingly, fraud made up 40% of all cyberattack activity against financial services including money-flipping schemes, customer giveaway scams and scams related to cryptocurrency; fake mobile apps also made an appearance.

Another report by Fortinet illustrates the impact that cyber threats have had on several industries, including financial services. It highlighted the massive growth in one particular threat, Coinhive which focuses on Monero cryptocurrency – cybercriminals were able to install JavaScript files onto compromised websites and make illicit gains. And even though the cybercriminals were eventually thwarted by the dismantling of Coinhive, those behind the attacks will be developing new ways of launching successful attacks.

And let us not forget that financial services firms are also under the regulatory microscope; here in the UK, the FCA is able to levy fines on those organizations that are found to be wanting if their customers suffer due to a cyber attack.

There are practices that organizations can put into action, especially those that promote governance and put cyber risk on the board agenda. How many big fines need to be paid before the C-suite understands the importance of proper investment in solutions and training that can help to defend from attack? Organizations need to be identifying and protecting information assets, they need to be alert for emerging threats and they need to be ready to respond. Also, keep testing and refining defenses – cybercrime techniques advance at a rapid pace.

Ultimately, there is no silver bullet to defend against all of these growing and ever-more sophisticated attacks. The potential rewards for cybercriminals targeting financial institutions can be potentially staggering and so those organizations in this industry must rely on threat intelligence in order to identify threats and understand the impact that a cyberattack could have on network security and customer confidence. Such threat intelligence highlights those threats that are perhaps no longer active but where there is still a cycle of risk development; just like a medusa, when one threat is vanquished another quickly fills the void.

If you have any questions about how we can help you optimize you protect your business against cyberattacks, contact us today to help you out with your performance and security needs.

Latest Articles

How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

29th September, 2024
Migrating Volumez RedHat VMs into Amazon Linux 2 for higher effective discounts rate of Saving Plan

A cloud data infrastructure company relied on extensive use of multiple instance types to test its products. But this made it difficult to optimize costs – a fact which had begun to impact their ability to scale the business.   The GlobalDots team helped the company identify and implement a new infrastructure configuration that both saved […]

19th September, 2024
How Yuki Achieved SOC 2 Compliance 6x Faster

Overview A fast-growing Snowflake optimization platform was missing out on customers because they didn’t have the right data security compliance. Through multiple consultations and extensive vendor-testing, the GlobalDots team selected a solution to provide both tech and human support, helping the company achieve SOC 2 compliance within just 3 months – and win new customers […]

16th September, 2024
Agile Content partners with GlobalDots to revolutionize CDN management ahead of IBC 2024

New partnership between Agile Content and GlobalDots promises to introduce automated multi-CDN solutions, optimizing content delivery and easing provider management for broadcasters worldwide. Amsterdam, Netherlands, September 9th, 2024 – Agile Content, a leading provider of digital TV and video distribution solutions, proudly announces its strategic partnership with GlobalDots, a global leader in cloud performance optimization and […]

Miguel Fersen Director for Iberia and LATAM, GlobalDots
12th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services