How Financial Companies Can Stay Ahead of Cyber Threats
- By David Kim, Verizon
- September 25, 2019
Banks and financial institutions are responsible for customers’ money and sensitive financial information and are held to a higher standard for security. The 2019 data breach at the American financial corporation Capital One, which caused hundreds of millions of dollars in losses, is a recent example of how a breach can have severe consequences and cost a bank far more than the stolen information or funds themselves.
A cyberattack can significantly damage a company’s reputation, tarnishing its image for years and costing it customers over time. Fortunately, there is also a lot financial institutions can do to protect data. To do so, they must understand the nature of cyberattacks in the financial services industry and which security measures will most effectively reduce their risks. This is especially important in the era of financial digitalization.
According to Verizon's 2019 Data Breach Investigations Report (DBIR), 88% of all cyber incidents within the financial services and insurance industries were financially motivated. Cyber attackers look for the easiest path possible to financial gain, and the financial services industry can be a cash cow.
In this sector, many cyberattacks target web applications (such as cloud-based email) using phishing and stolen credentials. Threat actors send phishing emails to trick users into sharing their email credentials, then use those credentials to log in to the email account and, from it, other company systems. Once inside, the attacker can send fraudulent emails to customers and request fund transfers from other employees in the name of the compromised account’s owner.
Plan of Attack
Phishing has been a security concern for years, but the threat continues to evolve. C-level executives are increasingly the target in phishing attacks. According to the DBIR, senior executives were twelve times more likely to be the target of a phishing attempt than in previous years. Click-through rates on phishing links are declining (in test simulations, rates fell from 24% to 3% in the past seven years) but research shows that mobile users are more susceptible to phishing.
Cyber attackers also steal credentials or compromise financial accounts via banking Trojan botnets – malware designed to capture login details and exfiltrate information. Denial of Service (DoS) attacks are now common and are used to disrupt services by flooding a system’s bandwidth until it is overloaded. These kinds of attacks are pervasive – the DBIR data shows over 40,000 breaches in the financial sector associated with botnets and 575 DoS incidents.
While the majority of breaches in the financial services industry are perpetrated by external actors (72%), privilege misuse and miscellaneous errors by internal actors are also common. Misuse is characterized as the unapproved or malicious use of organizational resources. Employees may misuse their access for personal gain – either to steal money directly or to take sensitive information to give them an advantage at another company.
Internal actor involvement in a data breach, however, doesn’t necessarily indicate malicious intent. Miscellaneous errors include incidents in which unintentional actions cause a security compromise, such as misconfiguring servers to allow for unwanted access or publishing data to a server that should not have been accessible by all site viewers.
Physical attacks against ATMs and card-present breaches involving point-of-sale environments continue to decline, at least in part because of progress in the rollout of chip-and-PIN payment technology. While it is now much less common for cards to be skimmed at cash registers, banks and retailers must instead combat malware planted in e-commerce applications that harvests users’ payment information as it is entered.
Thwarting Attacks
The good news is that financial institutions can take several steps to lower their risk of a data breach and defend against cyber-attacks. These measures matter even more for virtual banks (neobanks), which have no physical branches and deliver all of their services through digital channels.
- Phishing prevention: Hold frequent employee training so staff can recognize and avoid phishing scams, and give them an easy way to report phishing attempts. Most clicks on a phishing email happen within the first hour of its arrival, so a sound reporting system can prevent further clicks by alerting the entire organization early. Looking beyond employees, banks can also raise customers’ awareness of the prevalence and danger of phishing.
- Two-factor authentication (2FA): Financial companies should use two-factor authentication on customer-facing applications and on any cloud-based email accounts. With 2FA, even if bad actors steal a set of credentials, they cannot easily access the system because an additional factor is required to authorize access. Prefer app- or hardware-based second factors over SMS codes, which can themselves be phished or intercepted.
- Monitor system access: To deter and detect privilege misuse, banks should log and monitor employee access to sensitive financial data, and review that access for patterns that do not match an employee’s role. They should make it clear to employees that access to customer data is logged and reviewed.
- Malware monitoring and protection: Financial services organizations should monitor their systems for suspicious behaviors that indicate botnet activity, a DoS attack, or the presence of malware. Additionally, they should ensure they have adequate protection against these attacks by implementing anti-malware defenses.
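The "monitor system access" recommendation above only pays off if someone, or something, actually reviews the logs for misuse. The following is an added example, not code from the article or from Verizon, of the kind of review that can be automated: it parses application access logs and flags the three patterns of privilege misuse the article describes (an action a role is not permitted to perform, access to customer data outside working hours, and bulk reading of customer records). The log format, the role policy, the thresholds and the sample log lines are all assumptions constructed for this illustration.

```python
"""Flag likely privilege misuse in customer-data access logs.

Added illustration only; the log format, role policy, thresholds and
sample lines below are assumptions constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed role policy: allowed actions, how many distinct customers a role
# is expected to touch within one hour, and whether off-hours work is normal.
ROLE_POLICY = {
    "teller":  {"actions": {"view"},           "max_customers_per_hour": 40,  "off_hours_ok": False},
    "support": {"actions": {"view", "update"}, "max_customers_per_hour": 60,  "off_hours_ok": False},
    "analyst": {"actions": {"view", "export"}, "max_customers_per_hour": 500, "off_hours_ok": True},
}

# Constructed sample log (not real data). Format: timestamp|user|role|action|customer_id
# mlee's 75 views in a little over a minute simulate bulk reading of records.
SAMPLE_LOG = (
    "2019-09-20T09:02:11|jdoe|teller|view|C1001\n"
    "2019-09-20T09:05:42|jdoe|teller|view|C1002\n"
    "2019-09-20T22:14:03|jdoe|teller|view|C1003\n"      # teller reading data at 22:14
    "2019-09-20T10:00:00|asmith|support|view|C2001\n"
    "2019-09-20T10:00:05|asmith|support|export|C2001\n"  # support role is not allowed to export
    "2019-09-20T11:30:00|rpatel|analyst|export|C2500\n"  # allowed for analysts
    "2019-09-20T03:00:00|rpatel|analyst|view|C2501\n"    # analysts may work off hours
    + "".join(
        f"2019-09-20T14:{i // 60:02d}:{i % 60:02d}|mlee|teller|view|C{3000 + i}\n"
        for i in range(75)
    )
)


def parse_log(text):
    """Turn pipe-delimited log lines into event dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, customer = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action, "customer": customer})
    return events


def detect_misuse(events, policy=ROLE_POLICY, window=timedelta(hours=1),
                  work_start=8, work_end=18):
    """Return (rule, user, detail) alerts for events that break the role policy."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        rule = policy.get(e["role"])
        if rule is None:
            # A role the policy does not know about is itself worth a look.
            alerts.append(("unknown_role", e["user"], f"role {e['role']} not in policy"))
            continue
        if e["action"] not in rule["actions"]:
            alerts.append(("unauthorized_action", e["user"], f"{e['action']} on {e['customer']}"))
        hour = e["ts"].hour
        if (hour < work_start or hour >= work_end) and not rule["off_hours_ok"]:
            alerts.append(("off_hours", e["user"], e["ts"].isoformat()))
        by_user[e["user"]].append(e)

    # Volume rule: a sliding one-hour window over each user's events; alert once
    # per user when the number of distinct customers exceeds the role's limit.
    for user, evs in by_user.items():
        evs.sort(key=lambda x: x["ts"])
        limit = policy[evs[0]["role"]]["max_customers_per_hour"]  # assumes one role per user
        start = 0
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = {x["customer"] for x in evs[start:end + 1]}
            if len(distinct) > limit:
                alerts.append(("volume", user, f"{len(distinct)} customers within {window}"))
                break
    return alerts


if __name__ == "__main__":
    for rule, user, detail in detect_misuse(parse_log(SAMPLE_LOG)):
        print(f"{rule:20} {user:8} {detail}")
```

Run against the constructed log, the script raises three alerts: jdoe's off-hours access, asmith's disallowed export, and mlee's bulk reads; rpatel's analyst activity, including the 03:00 access, stays quiet because the policy permits it. In production the thresholds would come from each role's observed baseline rather than fixed numbers, and the alerts would feed a review queue rather than stdout.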
Companies can reduce their risk of cyber-attacks by remaining vigilant about system activity and access, implementing authentication safeguards, and training employees to recognize phishing attempts. These security measures can help financial services companies avoid falling victim to data breaches and keep their customers – and their money – safe from cyberattacks.
David Kim, regional managing director for Asia and Japan at Verizon, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.