By Ben Herzberg, Chief Scientist of Satori
According to external market data, the financial sector was the sector most targeted by DDoS attacks in 2022, while the total number of attacks has been growing constantly. A data breach in the financial services industry typically costs around $5.85 million, and ten percent of all attacks are financial breaches.
Certain financial institutions still need help to keep up with the cloud migration, and the growing number of cyber laws is not helping with these problems. On the other hand, phishing attacks continue to dominate the financial services industry, and companies are struggling to deal with new attacks focusing on social media.
We can safely say that companies in this sector have many security concerns. If they don’t approach these issues seriously, they can damage and even destroy their businesses. Here are some of the biggest threats the financial industry should pay attention to.
What are the biggest cyber threats for the financial industry in 2023?
When the financial system is disrupted, it affects the whole economy. We are seeing emerging trends likely to take shape in 2023 and become serious challenges. Whether new or not, companies must battle those threats and deal with them to remain operational.
- Uncontrolled customer data
Companies use various technologies to gather and access large volumes of customer data. This data often contains sensitive information like customer PII and PHI. Sadly, it’s often used irresponsibly, leaked, and accessed by unauthorized third parties.
Another problem is that companies often fail to meet the compliance requirements (such as GDPR) for using this kind of customer data and get into legal issues or simply spend a lot of resources on meeting these requirements.
Gathering sensitive customer information is a double-edged sword. On the one hand, it can fuel analytics, improve customer experience, and help provide personalized service. On the other, it can become your most significant security liability.
With that in mind, here are some ways in which the finance industry can protect customer data more effectively:
- Make sure all customer data access is monitored and logged
- Ensure you have clear and deterministic data access and security policies
- Enforce the access policies across all data access
- Make sure that access that is not required permanently is given only for the required time
- Make sure you know where your sensitive data is, and prioritize its security over non-sensitive data.
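The controls listed above can be expressed in code: access is denied by default, every decision is logged, and sensitive datasets can only be granted for a limited time. This is an added example, not code from the author or from Satori; the class names, users, and dataset names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str
    dataset: str
    expires_at: Optional[datetime]  # None means a permanent grant

@dataclass
class AccessPolicy:
    sensitive: set                                  # datasets known to hold PII/PHI
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def grant(self, user, dataset, now, ttl=None):
        # Sensitive data never gets a permanent grant: a time limit is mandatory.
        if dataset in self.sensitive and ttl is None:
            raise ValueError(f"{dataset} is sensitive: a time limit is required")
        expires = now + ttl if ttl is not None else None
        self.grants.append(Grant(user, dataset, expires))

    def check(self, user, dataset, now):
        # Default deny: allow only on a matching grant that has not expired.
        allowed = any(
            g.user == user and g.dataset == dataset
            and (g.expires_at is None or now < g.expires_at)
            for g in self.grants
        )
        # Every decision is logged, whether it was allowed or denied.
        self.audit_log.append({
            "time": now.isoformat(), "user": user, "dataset": dataset,
            "sensitive": dataset in self.sensitive,
            "decision": "allow" if allowed else "deny",
        })
        return allowed

def demo():
    t0 = datetime(2023, 1, 10, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    policy = AccessPolicy(sensitive={"customers_pii"})
    policy.grant("analyst", "customers_pii", t0, ttl=timedelta(hours=4))
    policy.grant("analyst", "branch_hours", t0)  # non-sensitive, permanent
    results = [
        policy.check("analyst", "customers_pii", t0 + timedelta(hours=1)),  # within limit
        policy.check("analyst", "customers_pii", t0 + timedelta(hours=5)),  # expired
        policy.check("intern", "customers_pii", t0 + timedelta(hours=1)),   # no grant
        policy.check("analyst", "branch_hours", t0 + timedelta(days=30)),   # permanent
    ]
    return results, policy.audit_log
```

The audit log records denied requests as well as allowed ones, so expired or never-granted access attempts against sensitive datasets remain visible for review.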
- Ransomware threats
Ransomware attacks use malicious software to encrypt banking clients’ computers and lock them out. Victims are then extorted for cash or information by attackers. In most cases, they don’t get back access to their devices or accounts.
Because of this, financial institutions must train their employees continuously and adopt machine-intelligent security systems for emails and social media.
Invest in security training
Continuous training keeps everyone on their toes and updated on the latest types of attacks. People with proper training can spot malicious emails, social media messages, and links to prevent getting caught in a trap.
Adopt intelligent security solutions
Machine-intelligent systems can block and flag suspicious messages, emails, and organizations. They understand context, organizational behaviors, and communication relationships, and use this understanding to detect messages falling outside the norm.
These systems profile communications. For example, machine learning systems can learn about genuine inquiries customers send, complaints, issues, or questions. They can build a pattern of how customers communicate, what words they use, and what they include in their messages.
Using algorithms, intelligent systems can later recognize phishing messages as they don’t fit the profile. They can also recognize harmful links and flag messages as potential attacks.
- A broader scope of cyber attacks
Ensuring better protection for the global financial system is a priority. Financial firms, institutions, tech companies, and government agencies must work together internationally to create a threat-centric approach.
A threat-centric approach means creating a security framework within the financial sector capable of learning about threats and adjusting security strategies. However, to do this effectively, all parties involved must work together, including the government, tech companies, and financial companies.
For example, SQL injections facilitate significant financial threats, and in 2021 WordPress revealed that over 600,000 sites were vulnerable to this threat because of a plugin. This is not something the financial sector is directly responsible for.
Still, organizations need to establish relationships with the industry, government actors, tech companies, and financial authorities to share strategies, learn about global risks, and find already-applied solutions.
- Social engineering
Social engineering denotes cyber attacks relying on behavioral techniques to make people send confidential information or money. FI company representatives are often targeted for sensitive information used for extracting cash.
Social engineering attacks rely on someone’s trust and goodwill, and people need training to recognize:
- When they are urged into doing something without an apparent reason (check all the relevant facts and resources before responding)
- Unusual URLs or attachments
- Messages asking for something unusual
- Unexpected messages
On the other hand, the finance sector can reinforce security by including verification steps that require customers to prove their identity. Identity verification solutions can be implemented to verify customer information, as they draw their data from official sources like government databases and credit bureaus.
That allows companies to recognize if customers are providing real information. At the same time, screening software can be used to screen customers during onboarding by asking them various questions.
The system analyzes their responses and decides whether clients should be allowed to proceed with an action (make a transaction or create an account). These solutions can also be used for real-time screening when a transaction actually happens.
However, it’s vital for financial institutions to partner up with fintech companies that can provide them with the exact tools they need.
- Mobile devices
Mobile banking is a fantastic convenience many people enjoy today, but it also comes with many security risks. These risks are constantly growing, and we’ve seen a growth of 80% in malware threats on Android smartphones, showing just how important mobile security is.
That is why banks and other financial institutions must constantly test their mobile apps to detect potential issues. At the same time, the apps should come with additional data security features like multi-factor authentication, data encryption, secured code, and secured communication.
Banks can also use contextual authentication, smart tools that account for behaviors and context surrounding events like transactions or logins. These tools review a lot of data and use an algorithm to present a risk score which triggers automated security protocols.
- Cloud-based attacks
Cloud systems are another big security liability as they contain volumes of sensitive business data. Protecting these systems isn’t really up to the financial organizations but to their service providers.
That is why financial organizations should do their due diligence in finding reliable partners that have excellent security track records and strategies to ensure no damage will happen. You can do this by:
- Checking if their security is up to standards, including ISO-27018, ISO-27001, ISO-27002, ISO-27017, and ISO 27001:2013;
- Checking their identity and authentication controls like MFA, CIFA, or real-time identity monitoring
- Seeing if they outline security, support, and maintenance in their SLA;
- Checking out their storage and data center locations
- Checking if they are compliant with the PCI-DSS and EU GDPR regulations
- Doing a penetration test on their infrastructure with a cybersecurity professional.
- Increased risk of supply chain attacks
Supply chain attacks target vendors that offer vital tools or services to the whole supply chain. They inject malicious code within vendor applications to infect all of their users. Software supply chains are particularly vulnerable because modern programs are written by using pre-made components like APIs, proprietary code, and open-source code.
To protect themselves against these attacks, financial organizations need to create a Zero Trust Architecture. With this structure set in place, all digital interaction stages are validated and verified, making it much more difficult for attackers to breach information through other services.
Organizations can also include Privileged Access Management because this process controls and monitors all users with access. Access control is essential, primarily when criminals target accounts already within a system.
- DeFi and cryptocurrency
More and more financial services include crypto transactions, and even though this might be good news for crypto enthusiasts, these services carry many risks. DeFi projects often have internal risks as their systems aren’t secured and tested over time.
Some of the most common internal cybersecurity risks include:
- Management compromises (individuals or teams abusing their power)
- Faulty business logic
- Third-party protocol misuse
- Coding errors
All that can lead to crypto theft, identity theft, personal information leakage, etc., forcing organizations to create secure DeFi protocols by working with experienced developers.
Create a defense strategy
Banks and other financial institutions are legally obligated to uphold security controls that safeguard the confidentiality, integrity, and availability (CIA) of both their business data and client data, as these attacks can potentially cause sizable, widespread financial and reputational losses.
The financial industry should focus on safeguarding digital transformation results, expanding its cybersecurity capabilities, and building a security workforce.
Since securing your organization with a few simple measures is no longer possible, banks, financial institutions, investment companies, and other organizations now need comprehensive security strategies with experienced professionals leading the way.
About the Author
Ben Herzberg is the Chief Scientist of Satori. He is an experienced tech leader and book author with a background in endpoint security, analytics, and application & data security. Ben filled roles such as the CTO of Cynet, and Director of Threat Research at Imperva. Ben is the Chief Scientist for Satori, the DataSecOps platform.
Ben Herzberg can be reached online at https://www.linkedin.com/in/sysadmin/ and at our company website https://satoricyber.com/