Financial Services Under Cyberattack



Posted on February 7, 2023



It should come as no surprise that banks and other financial services companies are favorite targets for hackers and cyberthieves. After all, that’s where the money is.
As cash in bank vaults has been replaced by ones and zeros in the same companies’ databases, bank robbers have also moved online. No need to run the risk of a face-to-face meeting with security guards or police when robbing a bank. Cybercriminals now can attempt to rob banks from the comfort of their own living room couch.

Scope of the Problem

Despite FinServ being a relatively small sector, employing only 5% of the US workforce, the industry’s businesses are targeted for cyberattacks at a disproportionately high rate. The Congressional Research Service (CRS), part of the Library of Congress, provides policy and legal research and analysis services for the American legislature. Their recently released report on financial cybersecurity estimates that 25% of all malware attacks target financial services companies. A study conducted by Deloitte confirms the industry’s high levels of cyber risk: Two out of three financial industry Chief Information Security Officers (CISOs) that were surveyed reported that their organizations experienced up to ten cyber incidents or breaches in 2020-2021.

In addition to being targeted at a very high rate, FinServ cybercrime costs are the highest across all industries. The CRS puts the average per-company cost of cybercrime at over $18 million per year for financial services companies – 40% higher than the $13 million average cost for all sectors.

The CRS report breaks out two distinct types of risk from cyberattacks. Operational risk, such as a ransomware attack that locks up the company’s data or a DDoS attack that shuts down its servers, limits or obstructs the organization’s ability to provide service. Operational issues are obviously most acute during an attack and in its immediate aftermath.

The second and potentially greater risk in the long term is reputational risk. Few individuals or businesses will choose to keep their money or investments with a bank, credit union or other FinServ firm that cannot protect critical customer data and assets. Fewer still will opt for that bank when seeking new services.

Beyond the ramifications of cyberattacks on individual banks, brokerages, investment houses and other financial service companies, the US government is concerned about a third sort of risk – systemic risk: The financial sector is so highly interconnected that a major cyberattack on one bank or payment network could have devastating ripple effects on other firms.

Growing Vulnerabilities

Numerous factors contribute to growing cyber vulnerability in the financial sector. Here are three:

  1. The rush to new Fintech apps. Fintech is very hot right now, and no one wants to get left behind. Every new app, however, creates another potentially vulnerable new attack surface for cybercriminals. Attacks targeting financial apps increased by 38% in just one year.
  2. Growth of remote work. The pandemic-spurred shift to remote work has changed the work landscape and it’s unclear if it will ever go back. Workers generally favor working from home at least part of the time, and companies benefit from savings on office space. They can also draw from a much larger talent pool if people don’t need to live within commuting distance of the office. But each remote worker adds security risks: Remote work means less (and often, no) control over whether user devices are kept updated and malware-free; greater risk of device loss or theft; ungoverned use of shadow IT; and malware exposure due to unregulated internet use.
  3. Cloud migration. Due to concerns about data privacy and security, as well as the massive complexity of existing systems and software, banks have been relatively slow to migrate to the cloud. But now, migration is picking up. The rapid pace of the software development lifecycle, extensive use of open-source code and proliferation of microservices and apps all introduce vulnerabilities into FinServ systems. In addition, to ensure operational continuity many banks engage with more than one cloud service provider, and each additional relationship creates more potential entry points for attackers. With three cloud service providers owning 60-70% of the market, many financial institutions could be vulnerable to a successful attack on any one of those cloud providers.

Protecting Against Today’s Threats

The financial sector IT environment will continue to grow more complex over time. The risk factors cited above – in addition to the 35-year history of cyberattacks – provide ample evidence that financial firms will remain vulnerable to cyber risk. Taking a few crucial steps, however, can add vital protection for FinTech firms.

First, financial service organizations must commit to eliminating no-longer-effective perimeter security solutions and to adopting a Zero Trust security approach instead. Verifying the identity and security posture of every user, device and resource enables faster detection of malicious activity or the presence of unauthorized parties. Enforcing least privilege access controls limits the reach of malicious agents and protects sensitive data from exposure in the event of a breach.

The security software platforms of Secure Access Service Edge (SASE) solutions, such as ZTEdge, are designed from the ground up to address today’s complex hybrid environments in which many employees work from home, many IT resources and apps operate in the cloud, many 3rd parties and contractors need to access corporate IT resources, and a growing number of public-facing apps enable customers to self-serve.

ZTEdge includes essential solutions like ZTNA to deliver secure clientless access to an organization’s apps and data from unmanaged and BYOD devices. Web Application Isolation (WAI) protects apps from unmanaged device risk while enforcing policy-based controls on what apps each user can access, what data they can access, and what activities they can perform. It also includes policy-driven data loss prevention (DLP) controls to restrict browser upload, print and copy/paste to user devices or shadow IT. WAI also cloaks public-facing app surfaces to protect them from threat actors seeking vulnerabilities to exploit.

Based on sophisticated isolation technology that airgaps both user devices and the business’s apps from the dangers of the web, ZTEdge solutions protect against phishing, credential theft and malware infiltration via IMs, virtual meeting solutions and malicious attachments.

Banking has entered a new era and threat actors have not lagged behind. Contact us now to learn how your financial institution can leverage Zero Trust protections to guard against today’s most dangerous cyber risks.


About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.
