Freely subscribe to our NEWSLETTER

For the past six years, the finance sector has been ranked number one as the most cyberattacked industry. In 2020, attacks against banks and other financial institutions climbed an incredible 238% followed by a further impressive 118% increase in 2021. One example includes Europe-based Carbanak and Cobalt malware campaigns which targeted more than 100 financial institutions in more than 40 countries during five years, yielding criminal profits of more than a billion Euros.

According to the 2021 Modern Bank Heists 4.0 survey, the most common types of attacks hitting the financial services sector in 2020 and 2021 included server attacks, data theft and ransomware cases. It was also found that 57% of surveyed financial institutions revealed an increase in wire transfer fraud, 54% had experienced destructive attacks, 41% had suffered brokerage account take-overs, 51% experienced attacks on target market strategy data, 38% suffered attacks originating from hackers accessing trusted supply chain partners to gain entry into the bank, and 41% had become victim to manipulated timestamps resulting in fund theft.

Increasing the challenge for financial institutions is the fact that the current unemployment rate for IT security professionals is approximately 0%. The scarcity of highly skilled security professionals is compounded by the huge volume of emerging threats. As a result, financial institutions are struggling to keep up with the ever-increasing threat landscape. Digitalization in commerce is driving the need for continuously adapting and evolving skills and knowledge for IT security.

Best Practices for the Defense Against Cyber Threats

As a specialist in secure managed services, the experts at Aunalytics have reviewed the top actions necessary to secure IT, administrative, and environments touching the consumer in the financial services space to prioritize the most important areas that should be considered when securing these businesses against a cyberattack. The following best practices include:

– Continuously updating security technology and protocols as threats evolve and adapt. This means deploying a dedicated full-time security team – not an overworked IT department handling system stability and help desk, while also trying to keep abreast of the latest security threats and technologies, piecing together security tools as a solution. This is not a solution.

– Employment of 24/7/365 monitoring with remote remediation to quickly stop attacks in their tracks.

– Monitoring endpoint devices to stop attacks before they hit networks. User devices are the most likely entry point for attackers to compromise a financial institution due to the high propensity for innocent user error opening doors.

– Monitoring cloud security including application use across the financial institution to be on the lookout for atypical user behavior signaling an attack.

– Monitoring email and Office 365 using tools specially designed to thwart attacks on these platforms, such as expertly recognizing and removing phishing scams before employees have an opportunity to unleash horrible consequences with a rogue mistaken click.

– Having a dedicated security team and SOC, or hire an expert outside managed security services firm that embeds tools, technology and 24/7/365 monitoring to serve as an SOC. This is a must for financial institutions.

– Pushing frequent patches so that user devices are equipped with the latest security protections.

– Adopting deep learning or AI monitoring, mitigation and context investigation that can more quickly identify threats.

– Encrypting data so that it is not compromised even if a breach occurs.

– Using multi-factor authentication to protect against unauthorized access.

– Instructing employees and customers to only access bank data in a secure location over a non-public Internet connection.

– Training employees on cybersecurity threats quarterly.

– Developing a solid business recovery plan for when an attack occurs.

“The challenge with cyber threats is daunting because they can enter the business environment from any number of areas, making comprehensive, multi-layer security strategies and implementations a must,” said Katie Horvath, CMO, Aunalytics. “However, by implementing this recommended regiment of protections, organizations can significantly reduce the risk of a successful attack, safeguarding client data and the organization’s long-term viability.”