All the stats and trends point to a sobering truth: Because they hold a treasure trove of data assets, financial services firms are a priority target for cybercriminals. And aside from their valuable data, financial entities must meet the growing demand for an engaging online customer experience—something that may further expose IT vulnerabilities to hackers.
While their objectives can vary, cybercriminals often target banking institutions hoping to steal personal information (e.g., Social Security numbers) and access financial services such as credit cards. Unfortunately, savvy hackers can find any number of ins to a banking customer’s private profile.
Let’s take a closer look at how financial services cyber crime can happen, what the consequences can be, and how a proactive two-step approach can make a vital difference for financial services IT security in the cloud era.
Phishing and ransomware
Phishing, a method of tricking users into divulging login credentials for access to an internal network, is a common tactic for hackers targeting financial services. According to the Anti-Phishing Working Group (APWG), financial services was the industry in which the most phishing attacks took place in Q1 of 2021.
The most typical form is email phishing, where phoney messages are sent to users with malicious links that could launch malware or load a counterfeit web page that harvests login credentials. Phishing victims are also frequently pressured to process financial transactions, seemingly at the request of senior company representatives.
These scam emails can be especially convincing when they’re presented with a sense of urgency or take the form of reply messages to an existing email thread—a tactic known as thread hijacking.
Malware can also take the form of ransomware, another critical breach risk for financial services. During a ransomware attack, cybercriminals lock victims out of their computers or entire systems until a ransom is paid.
Hackers use multiple extortion methods to pressure victims into paying the ransom, including the threat of making public any sensitive stolen data or selling it on criminal forums. These tactics are unfortunately very effective against financial institutions because they must abide by industry regulations that demand high levels of data breach resilience.
Across industries, a significant spike in ransomware attacks was observed in 2020 and the trend continued to climb in 2021. The New York-based Atlas VPN service provider observed a 151% increase in ransomware attacks in the first half of 2021 compared to 2020.
DDoS and SaaS attacks
The financial sector is also a frequent target of Distributed Denial-of-Service (DDoS) attacks, where the organization’s server is overwhelmed with fake connection requests, forcing it offline. DDoS attacks can be quite effective against financial services because their “attack surface”—their extended IT infrastructure—reaches far beyond the bank’s own IT to customer accounts, payment portals, etc.
Once systems are crippled, cybercriminals can leverage the resulting chaos by launching additional attack campaigns while security teams are distracted, or by offering to stop the DDoS attack if a ransom is paid. The latter strategy can succeed given the strict service-level agreements (SLAs) that financial institutions often follow.
Between 2019 and 2020, the financial services industry experienced a 30% increase in DDoS attacks, a spike that coincided with the beginning of the pandemic.
When third-party vendors and software as a service (SaaS) applications lack strong cyber security measures, the partner financial institution could be the one that suffers.
Payment processing services, for instance, aren’t always categorized as financial institutions but in the eyes of cybercriminals their proximity to private banking data makes them prime targets.
What are the consequences?
Even a single successful cyber attack can carry immediate financial consequences that will directly impact an institution’s bottom line. Ransomware payments can reach into the millions of dollars, while business email compromise and data theft can be just as costly.
Then there’s share price. In the aftermath of an attack in 2019, the share price of Capital One Financial dropped by 5.9%.
Overall, IBM has estimated the average total cost of a cyber attack at $4.24 million. This figure includes a wide range of legal, regulatory and other expenses that can arise long after the incident has been resolved.
Business disruption and lost productivity can be included in those after-the-fact costs that are difficult to quantify. Once hackers access an IT environment, they can shut down business-critical infrastructure. In 2020, a DDoS attack brought the New Zealand Stock Exchange to a standstill for three days, halting all trading for the duration.
Of course, financial services cybercrime victims can also run afoul of industry regulators, who are trying hard to ensure that organizations with confidential data or personally identifiable information (PII) take strong measures to secure it.
Long term, one of the most costly impacts of all may be damage to reputation, which can complicate efforts to attract new business and retain existing clients. Partners, customers, and even credit rating agencies are looking closely at cyber incident responses in the financial sector as part of an overall risk-management analysis.
The two-step approach for financial services
Amid all the worrying trends, the good news is that significantly improving IT security for financial services firms can be as simple as implementing a two-step methodology of deeper insight and application of best practices for security posture in the cloud era.
Despite their ingenuity, cyber attackers often reuse successful attack sequences to exploit common security vulnerabilities across financial entities. While we can never fully eliminate the potential for human error, the following two-step proactive approach can effectively address most of the exposures that lead to data breaches in financial services.
Step one: Obtain a clear view of the entire SaaS infrastructure—and shed light on high-risk Shadow IT.
A third-party risk management program such as Augmentt Engage will help identify security vulnerabilities for all third-party cloud services to help prevent supply chain attacks. This is critical at a time when companies across sectors are using up to 15x more cloud services to store sensitive company data than CIOs and executives are aware of or have authorized.
Using an advanced agent, Augmentt Discover quickly identifies every software-as-a-service (SaaS) application used across an organization, regardless of where people work, which devices they use, and how they run applications.
Next, Augmentt Discover deploys a library of 22,000+ applications to classify risk and assess organizational productivity. This analysis can automatically categorize SaaS by job function and risk, then instantly classify apps according to their security, financial or productivity level of risk.
Importantly, Augmentt Discover is a multi-tenant solution that was designed with collaboration in mind, allowing financial institutions to access and view their own SaaS usage across the organization. The resulting insight means that security partners can confidently recommend and act on sound strategies that improve SaaS security and productivity.
Step two: Protect your Microsoft 365 environment and most important cloud applications by auditing and monitoring security policy enrollment to significantly reduce the risk of a security breach.
Microsoft Office 365 has millions of fraudulent sign-in attempts happening each day. A state-of-the-art platform such as Augmentt Secure reveals strategies for the industry-best security posture by identifying blind spots and reducing the overall risk of threats through MFA and policy enrollment monitoring.
Augmentt Secure lets you put all of the improvement into sharp focus with custom reporting that tracks security score improvements and shows the value of the security service delivered.
Other features such as global MFA visibility protect end-users by identifying and closing security policy gaps. By enabling IT teams to audit security posture and analyze security policy configuration, Secure lets financial institutions reduce risk and improve posture scores over time, all monitored in customer-facing QBR reports.
IT security specialists who work with a platform provider like Augmentt can leverage advanced solutions developed specifically for cloud-era cyber security. For financial services firms with complicated IT environments, Augmentt enables critical and next-level SaaS management and optimization across an entire ecosystem, something that is vital to enhance cyber security in the modern business world.
Learn more about your own two-step security plan
Reach out today to begin a conversation about how we can custom-design the security roadmap your organization needs to mitigate the surge of data breaches and related threats in the financial services industry.