1st February, 2017
3 Min read
Book a Demo
This digital transformation is seeing the financial services industry increasingly turning to online portals, social media, and mobile apps in order to satisfy an ever more demanding customer base – people now expect everything to be done here and now with a minimum of fuss. Paradoxically, these new digital platforms, along with a more competitive landscape where we are seeing lower costs and a lower barrier to entry, are making it even easier for cybercriminals to exploit customers. Indeed, with more and more people turning to online banking and using 3rd party apps, cybercriminals are now able to target an even larger pool of victims.
Open Banking is a great illustration of all of this. Essentially Open Banking is a series of reforms that deal with how banks deal with consumer financial information. What it will effectively do is break the monopoly that banks once had over their customer’s account information. By doing so it will allow a new ‘generation’ of 3rd party businesses to compete with financial services organizations to be able to access customer data. All well and good you might think but there are new security challenges to face with these new organizations suddenly being able to access all of this consumer financial data. Where you now have sensitive data passing via an open interface, it becomes extremely vulnerable to cyberattack.
We have already seen in the UK, customers banking with the likes of Barclays, HSBC and Lloyds Bank to name but a few, being targeted by criminals via the malicious use of banking trojans. Such activity targets customers by spamming them with emails containing a type of virus essentially – clicking on a link within the email effectively allows the hackers in and then they are free to do what they want.
So what do the statistics on financial services cybercrime tell us? Well, for example, a very recent report by ZeroFOX suggested a 56% year-over-year increase in digital threats targeting the financial space. As part of the report, researchers scanned 2.9 billion pieces of content and found more than 8.9 million security events in a 12-month period. Interestingly, the report showed that financial services firms are more prone to corporate social media account takeover. Unsurprisingly, fraud made up 40% of all cyberattack activity against financial services including money-flipping schemes, customer giveaway scams and scams related to cryptocurrency; fake mobile apps also made an appearance.
Another report by Fortinet illustrates the impact that cyber threats have had on several industries, including financial services. It highlighted the massive growth in one particular threat, Coinhive which focuses on Monero cryptocurrency – cybercriminals were able to install JavaScript files onto compromised websites and make illicit gains. And even though the cybercriminals were eventually thwarted by the dismantling of Coinhive, those behind the attacks will be developing new ways of launching successful attacks.
And let us not forget that financial services firms are also under the regulatory microscope; here in the UK, the FCA is able to levy fines on those organizations that are found to be wanting if their customers suffer due to a cyber attack.
There are practices that organizations can put into action, especially those that promote governance and put cyber risk on the board agenda. How many big fines need to be paid before the C-suite understands the importance of proper investment in solutions and training that can help to defend from attack? Organizations need to be identifying and protecting information assets, they need to be alert for emerging threats and they need to be ready to respond. Also, keep testing and refining defenses – cybercrime techniques advance at a rapid pace.
Ultimately, there is no silver bullet to defend against all of these growing and ever-more sophisticated attacks. The potential rewards for cybercriminals targeting financial institutions can be potentially staggering and so those organizations in this industry must rely on threat intelligence in order to identify threats and understand the impact that a cyberattack could have on network security and customer confidence. Such threat intelligence highlights those threats that are perhaps no longer active but where there is still a cycle of risk development; just like a medusa, when one threat is vanquished another quickly fills the void.
If you have any questions about how we can help you optimize you protect your business against cyberattacks, contact us today to help you out with your performance and security needs.
Latest Articles
In this webinar, we reveal a solution that cuts big data costs by 23% and enhances system efficiency - without changing a single line of code. We’ll also explore 7 key practices that will free your engineers to process and analyze data at the pace and scale they need - and ensure they never lose control of the process.
Developer AXE-WEB
15th April, 2024
The move to the cloud has enabled tech leaders to modernize their infrastructure and improve application availability, scalability, and performance.
Yaniv Cohen
Cloud Engineer @ GlobalDots
31st March, 2024
It’s easy for managers and team leaders to get caught up in the cultural scrum of FinOps. Hobbling many FinOps projects, however, is a lack of on-the-ground support for the DevOps teams that are having to drive this widespread change – this is how all too many FinOps projects become abandoned on the meeting room […]
Nesh (Steven Puddephatt)
Senior Solutions Engineer @ GlobalDots
27th March, 2024
Achieving FinOps is a tall order: it demands a degree of organizational self-awareness that some companies are constantly battling for. Consider the predicament that many teams find themselves in: while their cloud environments may contain a number of small things that could be optimized, there are no single glaring mistakes that are consuming massive quantities […]
Nesh (Steven Puddephatt)
Senior Solutions Engineer @ GlobalDots
27th March, 2024