Trending News
Home / Cyber / Growing Cyber threats to the Financial Sector and Cybersecurity

Growing Cyber threats to the Financial Sector and Cybersecurity

Financial institutions are leading targets of cyber attacks. Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.

 

In February 2016, hackers targeted the central bank of Bangladesh and exploited vulnerabilities in SWIFT, the global financial system’s main electronic payment messaging system, trying to steal $1 billion. While most transactions were blocked, $101 million still disappeared.

 

The threat landscape for financial institutions is again being transformed. The explosion of digital financial services and mobile banking has exponentially expanded the attack surface that criminals can exploit. Digitization is also transforming the geography of cybercrime by bringing billions of users in developing markets online, providing criminals with new targets with limited cybersecurity awareness and low defense.

 

At the same time, the proliferation of easy-to-use malware and contract hacker services on the black market has made what were once exclusively nation-state capabilities available to a wide range of malicious actors. Automation allows criminals to leverage these resources to launch attacks cheaply at scale, making their lives easier and defenders’ lives more difficult.

 

Financial firms are 300 times more likely than other institutions to experience them, according to the Boston Consulting Group. The pandemic has even supplied fresh targets for hackers. The financial sector is experiencing the second-largest share of COVID-19–related cyberattacks, behind only the health sector, according to the Bank for International Settlements.

 

Financial services companies are primarily being targeted with phishing, ransomware, and credential-based attacks at a top level. Additionally, cybercriminals primarily targeted personal data, credentials, and internal banking data. These attacks are primarily financially motivated. Although many threat actors are focused on making money, the number of purely disruptive and destructive attacks has been increasing.

 

Most malicious actors who target financial services companies belong to organized crime groups, but internal actors caused 44% of breaches.

 

There are also states and state-sponsored attackers, North Korea, for example, has stolen some $2 billion from at least 38 countries in the past five years. With more than 30 new countries investing in developing offensive cyber capabilities, the nation-state threat landscape is poised to expand dramatically. “State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services subcommittee on national security, international development, and monetary policy during a hearing in June 2020

 

In a report published in January 2020, the Federal Reserve Bank of New York says the risk of spillover effects from cyberattacks is high because the banking system is interconnected. The report suggests a cyberattack on any of the five most active U.S. banks could affect 38% of the network

 

In February 2020, Christine Lagarde, president of the European Central Bank and former head of the International Monetary Fund, warned that a cyberattack could trigger a serious financial crisis. In April 2020, the Financial Stability Board (FSB) warned that “a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.” The potential economic costs of such events can be immense and the damage to public trust and confidence significant.

 

Financial services companies must find a way to maintain a highly productive remote or hybrid workforce —while maintaining high defenses, protecting their employees’ identities, enforcing access policies, and monitoring and hunting the growing wave of threats that target them. Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise.

 

To achieve more effective protection of the global financial system against cyber threats, the Carnegie Endowment for International Peace released a report in November 2020 titled “International Strategy to Better Protect the Global Financial System against Cyber Threats.” Developed in collaboration with the World Economic Forum, the report recommends specific actions to reduce fragmentation by fostering more collaboration, both internationally and among government agencies, financial firms, and tech companies.

 

The strategy is based on four principles: first, greater clarity about roles and responsibilities is required. Only a handful of countries have built effective domestic relationships among their financial authorities, law enforcement, diplomats, other relevant government actors, and industry. Existing fragmentation hampers international cooperation and weakens the international system’s collective resilience, recovery, and response capabilities.

 

Second, international collaboration is necessary and urgent. Given the scale of the threat and the system’s globally interdependent nature, individual governments, financial firms, and tech companies cannot effectively protect against cyber threats if they work alone.

 

Third, reducing fragmentation will free up capacity to tackle the problem. Many initiatives are underway to better protect financial institutions, but they remain siloed. Some of these efforts duplicate each other, increasing transaction costs. Several of these initiatives are mature enough to be shared, better coordinated, and further internationalized.

 

Fourth, protecting the international financial system can be a model for other sectors. The financial system is one of the few areas in which countries have a clear shared interest in cooperation, even when geopolitical tensions are high. Focusing on the financial sector provides a starting point and could pave the way to better protection of other sectors in the future.

 

Among actions for strengthening cyber resilience, the report recommends that the FSB develop a basic framework for supervising cyber risk management at financial institutions. Governments and industry should strengthen security by sharing information on threats and by creating financial computer emergency response teams (CERTs), modeled on Israel’s FinCERT.

 

As the traditional network perimeter continues to change, it’s necessary to establish new security boundaries that enforce the security policy at a range of architectural levels, for people and processes as well as a technical level. It will be necessary to develop plans to adopt a Zero Trust architecture in order to have the assurance that data is only being used by entities deliberately authorized and that all interactions are properly verified.

 

Cyber threats to financial institutions increasingly come from insecure low-cost mobile and IoT devices outside their own networks. This requires new approaches to defense, including developing new authentication and monitoring technologies for bank networks, and supporting the development of security solutions for these new devices outside the banks’ own networks. Improving cybercrime education and awareness for new internet users in the developing world and supporting efforts to build law enforcement capacity to combat cybercrime around the world is also critical.

 

 

References and Resources also include:

https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm

https://csis-website-prod.s3.amazonaws.com/s3fs-public/171006_Cyber_Threat_Landscape%20_Carter.pdf?UWqJEbDm.dBKSLEIFTyYs1IxJaExh9Y7

https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm

 

Cite This Article

 
International Defense Security & Technology (January 31, 2023) Growing Cyber threats to the Financial Sector and Cybersecurity. Retrieved from https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/.
"Growing Cyber threats to the Financial Sector and Cybersecurity." International Defense Security & Technology - January 31, 2023, https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/
International Defense Security & Technology January 14, 2023 Growing Cyber threats to the Financial Sector and Cybersecurity., viewed January 31, 2023,<https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/>
International Defense Security & Technology - Growing Cyber threats to the Financial Sector and Cybersecurity. [Internet]. [Accessed January 31, 2023]. Available from: https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/
"Growing Cyber threats to the Financial Sector and Cybersecurity." International Defense Security & Technology - Accessed January 31, 2023. https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/
"Growing Cyber threats to the Financial Sector and Cybersecurity." International Defense Security & Technology [Online]. Available: https://idstch.com/cyber/growing-cyber-threats-to-the-financial-sector-and-cybersecurity/. [Accessed: January 31, 2023]

About Rajesh Uppal

Check Also

DARPA OpFires testing ground-based intermediate-range Hypersonic boost-glide Weapon for US Army

The 2018 National Defense Strategy requires that the DOD provide combat-credible military forces to deter …

error: Content is protected !!