Leading financial institutions through the hacker storm

Cybercriminals are evolving at a faster rate than we can imagine today, growing not just in numbers but in sophistication. They are looking to win big and are launching attacks on the financial services industry, one of the most lucrative and fastest-growing sectors. Fintech investments in the Asia-Pacific (APAC) region hit US$7.5 billion in the first half of 2021 alone.

Financial institutions are prime targets as they have what cybercriminals want – data and money. A report by Boston Consulting Group revealed that financial services institutions are 300 times as likely to be a target of a cyberattack. Not only are they more widely targeted, but the aftermath of an attack also results in a higher cost for banks and wealth managers compared to any other sector.

Compounding the problem

Increasingly, financial institutions find themselves having to meet customer demands for an engaging digital experience. In APAC, the number of digital banking users rose to 88% in 2021, up from 65% four years ago. Organisations are implementing cloud technologies, data analytics and robotics to provide their customers with convenient and easy access to financial data. Such digital transformation efforts create a wider attack surface, which cyberattackers could potentially exploit as new points of entry into IT systems and data.

In addition, financial institutions are now partnering with more third-party vendors to diversify their product and service offerings, such as mobile payment options and ventures into stocks and cryptocurrency. This often involves the collection and sharing of customer data to deliver a more personalised customer experience. However, such partnerships could also result in data loss, misuse and business disruptions when cyberattackers compromise the API infrastructure or exploit weak links in the supply chain to launch attacks. Early this year, New Zealand’s central bank reported a data breach after a third-party file-sharing service it used was illegally accessed.

Common threats and cyberattacks

Although financial services organisations outspend most of their vertical sector peers on cybersecurity staff, tools and associated investments, cyberattacks on the industry show no signs of letting up. Business email compromise (BEC) and insider threats are recognised as some of the most common threats financial services organisations face.

BEC scams are one of the most expensive cyberthreats according to the Federal Bureau of Investigation (FBI). In such scams, fraudsters typically compromise legitimate email accounts to carry out an unauthorised transfer of funds, although BEC can take other forms as well, such as sending spearphishing emails to fool victims into sharing confidential information. Of note, the pandemic-induced shift to mass remote work has created the perfect backdrop for cyberattackers to carry out BEC scams, as it is more difficult to verify the legitimacy of emails without in-person interactions.

Insider threats are typically carried out for personal or financial gain, or to damage the reputation of an organisation. This can involve leaks of confidential information, theft of intellectual property and unauthorised access to sensitive information. The severity of insider attacks is compounded by the use of cryptocurrencies, which allows cybercriminals to pay insiders anonymously, without leaving any trace.

In addition to these attack types, financial services are disproportionately affected by inadvertent disclosure of sensitive data, often a result of misconfigurations of cloud settings or web-facing applications. Investments in the public cloud by the financial services sector in APAC are also expected to triple from US$4.9 billion in 2019 to US$18.1 billion in 2024. As financial services ramp up their cloud expenditure and rely heavily on customer-facing applications to keep up with data management and customer service models, the opportunity for error is increased. Threat actors continually scan for such opportunities to compromise exposed data.

Putting an end to cyberattacks

Safeguarding the financial services industry is no mean feat and requires a collaborative effort between organisations, employees and government bodies. While regulatory efforts such as updated guidelines will go a long way in managing such risks, organisations also need to adopt a proactive approach and strengthen their cybersecurity posture. There are three key steps they can take:

  1. Get to know what you don’t know: Organisations first have to assess their cyber readiness. Reviewing their cybersecurity posture allows organisations to flag any security gaps that need to be addressed immediately. It also leaves them with a set of specific, actionable recommendations for maintaining a higher level of cyber defence and for responding quickly and effectively to any future intrusion attempts. Organisations can also employ advisory services to provide gap assessments on high-probability scenarios, such as ransomware and BEC scams.
  2. Build a cyber defence posture that is up to the task: Protection starts with initiating safeguards and implementing continuous monitoring capabilities to ensure the delivery of critical infrastructure services. Organisations have to adopt a more cohesive defence-in-depth approach by leveraging a comprehensive security platform that integrates key functions such as endpoint detection and response (EDR), threat correlation, and security orchestration, automation and response (SOAR). Having a unified overview of security events from on-premises, cloud and endpoint activities can help to streamline the detection of sophisticated attacks.
  3. Create a more security-conscious culture: Organisations should reconfigure work processes and security procedures to narrow the opportunities for threat actors to deceive and exploit employees, partners, vendors, and customers. Securing digital assets is not a responsibility that can be solely undertaken by the IT team. Team members have to understand that ensuring cloud security is a shared responsibility. Organisations can conduct cyber risk awareness training for employees and implement information protection processes and procedures. This involves monitoring financial services cybersecurity developments and events to verify the effectiveness of protective measures.

No industry is immune to cyberattacks, but ensuring that security investments are targeted in the right areas and that staff are trained appropriately to monitor and manage threats will help financial institutions better weather the hacker storm.