Financial Services Cybersecurity
The number of attacks targeting the financial sector is 300 times greater than in other industries
(BlackFog)
The average cost of a data breach in the financial sector is $5.85M – 30% higher than in other sectors
(Varonis, 2021)
Are financial institutions attractive targets for cybercrime?
Banks and other financial institutions handle very large sums of money and hold immense amounts of sensitive customer data. This makes them ideal targets for cybercriminals.
74% of the attacks in the finance and insurance sectors compromised customers’ personal details, with the average cost of a data breach in the financial industry reaching $5.9 million (IBM).
The US Federal Deposit Insurance Corporation (FDIC) 2024 Report on Cybersecurity and Resilience quotes the 13th Annual Ernst & Young (EY) Global Bank Risk Management Survey, which names cybersecurity risks as the top near-term risk for banks. It adds that geopolitical events also increase the likelihood of cyber attacks on banks.
Financial institutions’ cybersecurity policies have been to transfer risks and the costs of a cyber breach by taking out insurance policies. Illustrating the gravity of the problem is the decision made by insurers to include harsh restrictions and exemptions in their policies, and also reduce the sums covered for bank losses incurred due to fraud.
What makes financial institutions vulnerable to cyber attacks?
Heavy competition is forcing increasing digitization and the rapid assimilation of new technologies in the finance and banking sector. However, where the implementation of the necessary cybersecurity measures fails to keep up, financial institutions face elevated risks – in an industry where consumer trust is paramount. Exposure to attacks through vendors, partners and customers also increases banking and finance institutions’ vulnerability to cyber attacks.
Furthermore, heightened regulatory and enhanced privacy requirements may increase the incidence of extortion attacks, exploiting financial institutions’ fears that the exposure of noncompliance and data breaches will result in fines and lost business.
What are the most common types of cyber attacks targeting the financial sector?
Ransomware: The largest number of detected ransomware attacks in 2023 targeted the banking industry (Trend Micro). The rate of ransomware attacks in financial services increased to 64% in 2023 from 55% in 2022. The data of 81% of financial organizations that incurred a ransomware attack was encrypted, with the most common root causes of the most significant attacks being exploited vulnerabilities (40%) and compromised credentials (23%) (Sophos, 2023). Ransomware attacks can severely disrupt a bank or other financial institution’s core activities, compromise the confidentiality of customer data, lead to loss of clients and erode reputation.
Phishing: Most often e-mail based, remains a prime concern: The Anti-Phishing Working Group (APWG)’s 2023 report indicated that the financial sector is at the receiving end of 23.5% of all phishing attacks – the most targeted among all surveyed sectors.
Denial-of-service (DoS): The Wall Street Journal reported in 2024 that DoS attacks targeting banks and other financial services firms are surging worldwide, with politically motivated hackers as their main driver.
Other main cyber threats faced by the financial industry include third-party risks; SQL Injections (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), and OGNL Java Injection; supply chain attacks, and bank drops.
Which examples of recent cyber attacks targeting banks and financial institutions that illustrate the damage caused?
Some recent cyber attacks targeting banking and financial institutions include:
- In July 2024, the loan company Affirm informed its clients holding payment cards that due to a data breach at Evolve Bank & Trust, its third-party issuer, the personal information of 7.6 million individuals had been stolen in the recent LockBit ransomware attack.
- Prudential Financial, an American Fortune Global 500 and Fortune 500 company, was the target of a ransomware attack that was carried out on February 4, 2024 and attributed to Alphv Ransomware, also known as BlackCat. It discovered the attack the following day. As a result, the personal details of 2.55 million individuals were compromised.
- Cooper, the largest non-bank mortgage server in the USA suffered a cyber attack, which led to system lockdown activated to protect its customers’ data, although it was later revealed that some data was compromised in the attack. The attack prevented 4.3 million Mr. Cooper users from making online payments.
- A data breach at the financial software provider Infosys McCamish on November 3, 2023 compromised the sensitive personal data of more than 57,000 Bank of America clients. According to Forbes, these included the clients’ names and addresses, social security numbers, dates of birth, phone numbers, account numbers and credit card information. Some sources state that the bank detected the breach itself on November 24 through routine monitoring, while other sources indicate that the provider notified the bank on that date. The affected bank clients, however, were only notified on February 2, 2024. It remains unclear if the delay constituted a violation of federal notification law or was caused by law enforcement investigations.
- Managed Care of North American (MCNA), one of the largest dental health insurers in the USA, suffered a ransomware attack. that affected some 9 million individuals. The LockBit ransomware group admitted to being behind the attack. It reportedly stole 700 GB of data, including sensitive personal and health insurance information of patients. When its demand for ransom of $10 million was not met, it exposed the data.
- In the first half of 2022, the Ronin Network was breached by hackers by gaining access to private keys used to forge fake withdrawals. The hackers hijacked 173,600 Ethereum and $25.5 million – totaling nearly $615 million in stolen funds, as reported by Bank Info Security. US authorities attributed the attack to a North Korean state-backed cybercrime operation named Lazarus Group. In August 2024, Ronin Network was again targeted in a much smaller attack.
How does ACID Technologies’ solution reduce the risk of cybercrime in the financial industry and the damage it causes?
ACID Intelligence and DIP cost-effectively confront the increased risks faced by banks and other financial institutions. Clusters of robots are unleashed and sophisticated AI tools implemented to continuously monitor the dark web, deep web and a multitude of other sources and platforms, in order to detect even the earliest signs of an attack. The use of client-specific keywords in the relevant language/s provides results and valuable information that is essential to preparing an effective response to the threat by the targeted organization. Additional information allows finetuning the response for increased efficiency. By potentially thwarting the attack or mitigating its harmful effects, the financial institution can significantly reduce its risks of incurring heavy fines and damage to its business due to loss of client confidence.
ACID Intelligence and DIP are well-equipped to detect numerous types of cyber attacks targeting the finance and banking sector, among them:
- Ransomware
- Phishing
- DDoS
- SQL injection (SQLi)
- Local file inclusion (LFI)
- Cross-site scripting (XSS)
- OGNL Java Injection
- Credential stuffing
- Theft of BINs (Bank Identification Number), SWIFT codes
These are aimed at committing, among others:
- Financial scams
- Fraud
- Opening fake accounts and lines of credit
- Direct theft
- Data theft
- Extortion
Each dollar spent on ACID’s solutions is a sound investment in your cybersecurity. It reduces your exposure to cyber threats which could be disastrous to your organization and equips you with information, often in advance of an attack, which enables you to proactively counter the threat.