In today’s interconnected world, the financial sector has become a prime target for cybercriminals. Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft, and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.
Cyber attacks targeting the financial sector have increased rapidly in recent years, and the threat landscape is evolving constantly. Financial institutions face a range of cybersecurity risks, from hacking and data breaches to phishing and ransomware attacks.
In February 2016, hackers targeted the central bank of Bangladesh and exploited vulnerabilities in SWIFT, the global financial system’s main electronic payment messaging system, trying to steal $1 billion. While most transactions were blocked, $101 million still disappeared.
At the same time, the proliferation of easy-to-use malware and contract hacker services on the black market has made what were once exclusively nation-state capabilities available to a wide range of malicious actors. Automation allows criminals to leverage these resources to launch attacks cheaply at scale, making their lives easier and defenders’ lives more difficult.
Financial firms are 300 times more likely than other institutions to experience them, according to the Boston Consulting Group. The pandemic has even supplied fresh targets for hackers. The financial sector is experiencing the second-largest share of COVID-19–related cyberattacks, behind only the health sector, according to the Bank for International Settlements.
Most malicious actors who target financial services companies belong to organized crime groups, but internal actors caused 44% of breaches.
There are also states and state-sponsored attackers, North Korea, for example, has stolen some $2 billion from at least 38 countries in the past five years. With more than 30 new countries investing in developing offensive cyber capabilities, the nation-state threat landscape is poised to expand dramatically. “State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services subcommittee on national security, international development, and monetary policy during a hearing in June 2020
Overview of the Cyber Threat Landscape:
The threat landscape for the financial sector is vast and complex. The explosion of digital financial services and mobile banking has exponentially expanded the attack surface that criminals can exploit. Digitization is also transforming the geography of cybercrime by bringing billions of users in developing markets online, providing criminals with new targets with limited cybersecurity awareness and low defense.
Hackers and cybercriminals are continually developing new techniques to exploit vulnerabilities in computer systems and gain access to sensitive data.
Financial services companies are primarily being targeted with phishing, ransomware, and credential-based attacks at a top level. Additionally, cybercriminals primarily targeted personal data, credentials, and internal banking data. These attacks are primarily financially motivated. Although many threat actors are focused on making money, the number of purely disruptive and destructive attacks has been increasing.
Some of the most common types of cyber threats facing financial institutions include:
- Phishing attacks: These attacks are designed to trick individuals into divulging sensitive information, such as usernames and passwords, by masquerading as legitimate emails or websites.
- Malware: Malware is malicious software that can be used to gain unauthorized access to a system or steal data. This can include viruses, trojans, and ransomware.
- Insider threats: Employees, contractors, and other insiders with access to sensitive data can pose a significant cybersecurity risk. These threats can include intentional data theft, accidental data loss, and sabotage.
- Distributed Denial of Service (DDoS) attacks: DDoS attacks involve flooding a network or server with traffic to overload it and cause it to crash.
- Advanced Persistent Threats (APTs): APTs are long-term targeted attacks designed to gain unauthorized access to a system or network and remain undetected for an extended period.
For deeper understanding of Cyber threats in Financial Sector and Cyber security mesures please visit: Unmasking Shadows: Cyber Threats and Security in the Financial Sector
In a report published in January 2020, the Federal Reserve Bank of New York says the risk of spillover effects from cyberattacks is high because the banking system is interconnected. The report suggests a cyberattack on any of the five most active U.S. banks could affect 38% of the network
In February 2020, Christine Lagarde, president of the European Central Bank and former head of the International Monetary Fund, warned that a cyberattack could trigger a serious financial crisis. In April 2020, the Financial Stability Board (FSB) warned that “a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.” The potential economic costs of such events can be immense and the damage to public trust and confidence significant.
Financial services companies must find a way to maintain a highly productive remote or hybrid workforce —while maintaining high defenses, protecting their employees’ identities, enforcing access policies, and monitoring and hunting the growing wave of threats that target them. Regulators are taking notice, and implementing new controls for cyber risk to address the growing threat to the banks they supervise.
A recent article from the Financial Times highlights the growing threat of cyber attacks to the financial sector, citing recent high-profile attacks such as the SolarWinds breach and the ransomware attack on Colonial Pipeline. The article also notes that the cost of cyber attacks to the financial sector can be significant, with one report estimating that cyber attacks on financial institutions could cost as much as $6 trillion by 2025.
The Financial Times article also highlights the increasing sophistication of cyber attacks targeting the financial sector, with hackers using advanced techniques such as social engineering and zero-day vulnerabilities to gain access to sensitive data. The article notes that cybercriminals are also targeting smaller financial institutions and non-bank financial institutions, which may have less robust cybersecurity defenses in place.
The threat of cyber attacks to the financial sector is not only growing but also potentially very costly. Financial institutions must take cybersecurity seriously and invest in effective measures to protect against cyber threats. The importance of implementing comprehensive cybersecurity measures, regularly updating software and systems, and providing regular cybersecurity training to employees cannot be overstated. Additionally, financial institutions must stay vigilant and continually adapt their cybersecurity strategies to stay ahead of the evolving threat landscape.
The article further emphasizes the importance of collaboration between financial institutions and government agencies to combat cyber threats. Financial institutions must share information about potential threats and vulnerabilities with government agencies and law enforcement to help prevent and mitigate cyber attacks. The article also notes that regulatory bodies are increasing their focus on cybersecurity, with new regulations and guidelines being developed to ensure financial institutions are adequately protecting against cyber threats.
International Strategy to Better Protect the Global Financial System against Cyber Threats
To achieve more effective protection of the global financial system against cyber threats, the Carnegie Endowment for International Peace released a report in November 2020 titled “International Strategy to Better Protect the Global Financial System against Cyber Threats.” Developed in collaboration with the World Economic Forum, the report recommends specific actions to reduce fragmentation by fostering more collaboration, both internationally and among government agencies, financial firms, and tech companies.
The strategy is based on four principles: first, greater clarity about roles and responsibilities is required. Only a handful of countries have built effective domestic relationships among their financial authorities, law enforcement, diplomats, other relevant government actors, and industry. Existing fragmentation hampers international cooperation and weakens the international system’s collective resilience, recovery, and response capabilities.
Second, international collaboration is necessary and urgent. Given the scale of the threat and the system’s globally interdependent nature, individual governments, financial firms, and tech companies cannot effectively protect against cyber threats if they work alone.
Third, reducing fragmentation will free up capacity to tackle the problem. Many initiatives are underway to better protect financial institutions, but they remain siloed. Some of these efforts duplicate each other, increasing transaction costs. Several of these initiatives are mature enough to be shared, better coordinated, and further internationalized.
Fourth, protecting the international financial system can be a model for other sectors. The financial system is one of the few areas in which countries have a clear shared interest in cooperation, even when geopolitical tensions are high. Focusing on the financial sector provides a starting point and could pave the way to better protection of other sectors in the future.
Among actions for strengthening cyber resilience, the report recommends that the FSB develop a basic framework for supervising cyber risk management at financial institutions. Governments and industry should strengthen security by sharing information on threats and by creating financial computer emergency response teams (CERTs), modeled on Israel’s FinCERT.
Cybersecurity Measures for the Financial Sector:
To protect against cyber threats, financial institutions must adopt a comprehensive cybersecurity strategy. This strategy should include the following measures:
- Regular cybersecurity training for employees: Employees are often the weakest link in a company’s cybersecurity defense. Providing regular cybersecurity training can help employees recognize and avoid potential threats.
- Strong access controls: Access controls should be in place to limit access to sensitive data and systems to only those who require it.
- Multi-factor authentication: Multi-factor authentication (MFA) can provide an additional layer of security to prevent unauthorized access to systems and data.
- Data encryption: Encryption can help protect sensitive data from unauthorized access in the event of a breach.
- Regular software updates: Software updates often contain security patches that can help protect against known vulnerabilities.
- Incident response plan: A well-designed incident response plan can help minimize the impact of a cyber attack and reduce recovery time.
- Third-party risk management: Financial institutions should carefully vet third-party vendors and suppliers and require them to adhere to strict cybersecurity standards.
Cyber threats to financial institutions increasingly come from insecure low-cost mobile and IoT devices outside their own networks. This requires new approaches to defense, including developing new authentication and monitoring technologies for bank networks, and supporting the development of security solutions for these new devices outside the banks’ own networks. Improving cybercrime education and awareness for new internet users in the developing world and supporting efforts to build law enforcement capacity to combat cybercrime around the world is also critical.
As the traditional network perimeter continues to change, it’s necessary to establish new security boundaries that enforce the security policy at a range of architectural levels, for people and processes as well as a technical level. It will be necessary to develop plans to adopt a Zero Trust architecture in order to have the assurance that data is only being used by entities deliberately authorized and that all interactions are properly verified.
Cybersecurity Challenges Facing the Financial Sector:
Despite the importance of cybersecurity, financial institutions face several challenges in implementing effective cybersecurity measures. Some of the main challenges include:
- Rapidly evolving threat landscape: The cyber threat landscape is constantly evolving, and financial institutions must continually adapt their cybersecurity strategy to stay ahead of threats.
- Budget constraints: Financial institutions may not have the budget to invest in the latest cybersecurity technologies and services.
- Complexity of IT infrastructure: Financial institutions often have complex IT infrastructures, which can make it challenging to identify and mitigate vulnerabilities.
- Regulatory compliance: Financial institutions must comply with a range of regulations related to cybersecurity, which can be complex and time-consuming.
- Lack of skilled cybersecurity professionals: The demand for skilled cybersecurity professionals far outstrips supply, making it difficult for financial institutions to attract and retain qualified staff.
The financial sector faces an ever-growing threat from cyber attacks, and financial institutions must take steps to protect against these threats. This includes implementing comprehensive cybersecurity measures, regularly updating software and systems, and providing regular cybersecurity training to employees.
Financial institutions must stay up to date with the latest cybersecurity technologies and best practices to protect against these evolving threats. Collaboration and information sharing between financial institutions and government agencies is critical to preventing and mitigating cyber attacks. Finally, financial institutions must also stay abreast of regulatory developments related to cybersecurity to ensure compliance with relevant regulations and guidelines.