Cyber Security has been one of the largest evolving threats to the financial sector. In 2021 alone, the global cost of cybercrime was six trillion USD.
Cyber attacks on the financial sector have increased dramatically, both because malicious actors have gained in sophistication and because the volume of potential targets or points of entry has increased. Second to healthcare in the hierarchy of the majority of cybersecurity attacks, the industry is being harassed from every direction by cybercriminals. This data shows an expanding ransomware threat in all industries, not just financial services firms. A staggering 22% of all ransomware incidents globally targeted the financial sector in 2021. And 37% of all global attacks from Nation-State backed threat actors in the same year.
Financial services firms are being targeted with some of the most sophisticated attacks seen within the Cyber Security industry. Nation-state attacks launched by foreign governments, as well as state-sponsored attacks that include affiliated cybercriminal groups (Hybrid threats), are the two main risks for financial services firms. Threat actors have attempted to hack companies in the financial services industry more frequently than in any other sector, with the exception of health care. The Federal Reserve Bank of New York noted a report that found that financial firms were targeted by cyberattacks 300 times as often as other industries, underscoring just how tempting the banking sector is to cybercriminals.
The financial sector’s digital transformation brought on in recent years, with its mobile apps, online banking, and an increased reliance on third-party services, has opened up the financial sector to future attacks. Financial services are also facing the highest costs of any sector when it comes to dealing with cyber attacks and the consequences. With the average cost of a data breach being 4.24 million USD in 2021, rising from an average recovery cost of 3.86 million USD in 2020. And the financial sector raises this to an average recovery cost of a staggering 5.72 million USD. Even though most financial institutions have highly robust cyber attack-resistant systems of their own, third-party service providers can be the weakest link in a cybersecurity chain. Often, financial institutions will have complex security measures but will depend on third-party providers, like cloud providers, to handle the cost of compliance.
Even when banks have secured systems, if they rely on third-party vendors for some services, there can be an increased risk that they could get compromised. Banks should make sure that all their service providers are up-to-date and able to protect against modern cyber threats. To protect against supply chain attacks, financial services are advised to adopt zero trust architectures with robust policies around Privileged Access Management. In response to this cyber threat, financial organisations should deploy security controls specific to credentials typically required for opening new accounts.
Financial institutions must be prepared to handle these attacks and must know how to quickly react in order to minimize the damage done to their institutions and customers’ personal data. As a financial institution, it is absolutely critical you look at ways to mitigate threats to your cyber security, but also still have options available for customers to use in an easy, customer-focused manner. New threats like the ability to bypass even the most sophisticated defensive solutions have emerged. Leading to an even greater need to have a layered system for defence.
Banks in Chile and Seychelles, and financial technology companies like Silverlake Axis, which provides key banking systems across the Asia-Pacific, were reportedly targeted by individual ransom and extortion attempts. Elsewhere, threats by cyber criminals caused automated teller machine (ATM) transactions to suspend overnight, while hackers recently took websites offline associated with a stock exchange using distributed denial-of-service (DDoS) attacks. Such disruptions have not only affected customers of those services but have undermined trust among peers within the financial services community. An estimated 1,500 businesses have been hit by a cyberattack and suffered Ransomware compromises.
JBS, one of the largest meat-processing companies in the world, was also hit by a ransomware attack, paying $11 million to ensure the safety of their data. Not only did cybercriminals walk away with millions, but Virtu Financial Insurance carriers also refused to cover much of the losses. Ransomware remains a growing cyber threat for both smaller and larger financial institutions, according to data from Microsoft and CrowdStrike. Nation-states and organised cybercrime groups are beginning to cooperate, sharing tools, resources, and funds, leading to increased attacks, including the use of advanced Zero-Days. This was shown by the threat group WizardSpider deploying Chrome Browser exploits. These exploits have previously only been within the abilities of Nation-State-backed attackers.
International regulators have responded to an increase in financial services cyber threats by creating new rules that regulate financial services organisations that are subject to government regulation. This is because financial services firms are working with more sensitive and classified information than in the past, and regulators are becoming more concerned about making sure that these firms are able to understand, map, and report their cyber risks. In an effort to head off potential safety issues, the Dubai International Financial Center (DIFC) has started to implement more stringent Cyber Security policies, mainly based on the General Data Protection Regulation (GDPR). To tackle the subject of cyber resilience, and to help firms identify vulnerabilities which may be used by adversaries to affect critical services to businesses, the Bank of England developed CBEST Framework in 2014 for UK financial institutions. A comprehensive handbook which gives hands-on experience in researching and countering cyber threats in finance. Europe’s equivalent framework TIBER-EU, led by the European Central Bank, also helps organisations prepare for cyber incidents.
As more software systems and data are stored in the cloud, cybercriminals have taken advantage and attacks on the cloud are on the rise. With attacks from groups such as Lapsus$ attacking Identity Providers to breach organisations, and recent vulnerabilities exploited by Russian state-backed threat actors in the SolarWinds attacks. While the majority of ransomware and extortion attacks are directed at corporate networks, regardless of where those services are hosted, cloud services have been exploited by criminal groups in particular. This is only a portion of a growing fear about threats from cloud technologies, which is another focus area for many financial services firms.
Tom Moorby
Chief Technical Officer and Cyber Security Lead, Hybrint
Hybrint (Hybrid Intelligence) is a new company, recently established and licensed here in the UAE to provide Cyber Risk and Threat Intelligence services to clients. Tom is from the United Kingdom where he gained his experience as a cyber specialist with the Ministry of Defence and the private sector.