Concerns about cyber security threats to the financial sector have grown for the greater part of the last decade, and in March 2017 they prompted a stern warning from G20 finance ministers: “the malicious use of Information and Communication Technologies could . . . undermine security and confidence and endanger financial stability.”
There is no question that finance cyber security is paramount to ensuring financial stability, not just for affected government entities but for all consumers as well. Finance has been a lucrative and attractive target for cyber criminals since the advent of online banking. The threat landscape is only becoming more pervasive and sophisticated, as even nation-states are joining the ranks of cyber thieves interested in easy money.
The digitization of businesses in general expands the attack surface for online criminals. Many threats to the financial sector also arise from attacks on finance customers, who are easier and cheaper to hack.
Digging deeper into finance cyber security
Unfortunately, around 35 percent of all data breaches occur within the finance sector. Why wouldn’t they? Financial institutions are tasked with retaining high-value assets and data that are obviously attractive to hackers. Large financial institutions also process millions of transactions daily, making them even more vulnerable to breaches. Beyond the risk of having data stolen, a breach brings regulatory fines, loss of reputation, and the potential for never-ending litigation, which can put, and has put, smaller institutions out of business.
Some of the most common threats targeted at financial sector cyber security include the following:
● Distributed denial of service (DDoS)
● Insider threats
It would be a mistake to assume there is a limit to the number of threats to the financial sector. Complacency about cyber security could spell financial disaster for any company open for business in the digital era. Threat actors are well aware that many smaller institutions have placed cyber security lower on their list of priorities, making them “low-hanging fruit” targets for both a quick score and practice.
Understanding the deficiencies in finance cyber security
Many organizations have yet to put formal cyber security policies into practice. They may have a partial plan, but this isn’t enough given the rising cyber crime rates all businesses face today. It’s certainly crucial to be informed, but it’s even more important to establish effective cyber security policies across the organization.
In addition, these practices and policies must be repeatable and adaptive to evolving cyber security threats. It’s one thing to have policies and practices in place. It’s even better if those practices evolve to address new threats. Consider some of these data breaches, which could have been prevented:
1. On July 29, 2019, Capital One announced that over 100 million of its credit card applications were breached when a software engineer successfully hacked into its cloud server. These applications had names, social security numbers of American and Canadian citizens, dates of birth, credit scores, addresses, and more. The cyber criminal then posted the database on GitHub.
2. On December 31, 2019, Travelex, a major foreign exchange company, took all its computer systems offline when it discovered it had been hit with Sodinokibi ransomware. The cyber criminals demanded $6 million to unlock the systems. Some of the affected partners included RBS, Barclays, and Lloyds of London. The hackers also claimed to have retrieved 5 GB of personal customer data and threatened to release this data if the $6 million was not transferred. It took Travelex over a month to restore its website.
3. In February 2012, the U.S. financial exchanges BATS, Nasdaq, and CBOE were targeted by a DDoS attack that did not interrupt trading but did affect access to company websites.
Threat actors direct many of their attacks at the financial sector because they can siphon funds from consumer accounts, use personally identifiable data to create new accounts, or sell that data on the dark web. With this type of information, cyber thieves can apply for credit cards, lines of credit, and other financial products at the victims’ expense. Not to be forgotten are the devastating effects of debit card skimmers.
Preparation is key
Regardless of the technologies implemented, motivated cyber criminals will always find a way to adapt because the potential payoff is quite high. Phishing will be on the rise along with insider threats, cyber vandalism, and theft. The insider threat is not limited to full-time employees: contractors and remote workers can also pose a threat if they have access to systems and turn out to be cyber criminals waiting for the right time to strike.
There is also the growing problem of a shortage of cyber security talent and its associated costs, which many call an industry crisis. Only the larger financial institutions can afford to hire and retain a full-time staff of the best cyber security professionals on the market. As a result, it is critical to have a cyber security partner on your side to help defend against the growing threat landscape and to ensure financial sector cyber security is the top priority moving forward.
Invariably, it is not a matter of if but when your institution will be attacked. There are only two types of financial institutions: those that have faced a data breach, and those that will. Good cyber security hygiene is therefore not optional; it is mandatory.
To increase cyber resilience, established policies and practices are vital. Otherwise, a bad attack can shut an institution down, exposing it not only to data theft but also to reputational loss and extraordinary regulatory fines. In the cyber world, a business plan is not complete without a cyber security component.
It’s time for finance cyber security to transition from partial maturity to comprehensive maturity by moving beyond IT and aligning cyber security with strategic business planning. Think of the days of opening a brick-and-mortar location – it wouldn’t happen without hiring security guards, installing security cameras, having a foolproof safe, or all of the above. You need similar protections throughout the digital landscape. With SSI, you have an expert cyber security partner who can effectively manage your cyber security environments to prevent detrimental data breaches today and in the future.