Our economy relies on the financial sector. Banks, credit unions, pension funds, insurance companies, investment firms and other financial services hold our most sensitive data: personally identifiable information (PII), account details, and transactional and business data. Because they are simple and fast, online financial transactions have become the norm for consumers and businesses alike. But those advantages bring drawbacks that the institutions offering these services have to address.
The 2024 Verizon Data Breach Investigations Report shows that the financial sector recorded 3,348 incidents in 2023, 1,115 of them confirmed breaches in the United States. Most of the compromised data belonged to the financial entities' customers, so they are the ones who bear most of the risk. The same report found that the financial industry was the second most attacked sector last year. These figures underscore the constant risk financial services face every day.
For generations, banks have protected cash and other physical assets in vaults behind solid walls, access restrictions and security guards. They should do the same now with their digital assets. In an age where criminals are not only masked robbers with guns but also online threat actors with sophisticated methods, financial services still have the tough job of keeping them out. That's where cybersecurity lends a hand: there are measures that can be taken, solutions that can be used and approaches that can be implemented, all capable of protecting assets against the constant barrage of cyberattacks the financial sector faces.
What motivates financial services cyberattacks?
Financial services are a prime target for cybercriminals because several factors make them especially attractive. Gain, whether financial or informational, is one of them. Financial institutions hold a goldmine of valuable information (account details, social security numbers, etc.) that, if stolen, can be sold on the dark web for a high price or used to commit further crimes. Moreover, because these organizations depend heavily on their digital infrastructure, attackers can disrupt operations and demand large ransom payments, which many organizations pay in order to return to normal activity.
Financial institutions have complex ecosystems with numerous interconnected players, such as customers, vendors and third-party providers, that have access to online platforms, mobile apps, trading networks or global wire transfer systems. The sheer complexity and interconnectivity of financial infrastructure offers an ample attack surface full of opportunities, which is itself an incentive for cybercriminals.
Another reason is impact. A cyberattack can severely damage an organization's reputation, erode consumer confidence and even destabilize economies. This systemic impact makes financial entities particularly appealing targets for attackers looking to cause widespread disruption and chaos.
All of these reasons give financial organizations insight into why they are constantly targeted and why they need a robust security posture. Complying with established security standards (which we discuss further down) is extremely important, but it is not the only factor to consider. Let's first examine the threats financial entities endure.
Common cyber threats in the financial services sector
Financial institutions face a myriad of cyber threats for the reasons explained above. Each incident puts the entity at risk of significant damage. As noted above, it is the end user that criminals most often target; however, the financial entity itself suffers business losses, lawsuits and reputational damage as a result of cyberattacks. It is always better to know how cybercriminals work, so here are some of the most common threats the financial sector is exposed to:
- Supply chain attacks: In this kind of attack, cybercriminals compromise a component supplied by a third-party vendor or partner in order to reach that vendor's customers. From there, attackers can gain remote access to financial institutions' systems, steal sensitive data or move laterally through different environments. An infamous example is the Lazarus group's attacks in South Korea through a supply chain involving software used by that country's banks and government agencies. At Fluid Attacks, we have tools that strengthen your software supply chain security: SCA (software composition analysis) and SBOMs (software bills of materials). With SCA, the code base is analyzed to identify open-source components and their dependencies, revealing the risks associated with third-party components together with the recommended fix. With continuously updated SBOMs, you get a clear picture of everything that makes up your software. Our SCA can produce precise and comprehensive SBOMs in standardized formats (CycloneDX and SPDX). Read more about this process here.
- Phishing attacks: These misleading emails or messages, which impersonate real entities or individuals, may carry malware that is downloaded to the recipient's device with a single click on a malicious link, or they may be designed to trick the recipient into disclosing sensitive information such as login credentials. The tactic is used against both employees and customers. Examples include the 2021 OCBC phishing scam, which targeted the Singaporean bank's customers and resulted in a $13.7 million loss, and the PerSwaysion spear-phishing campaign, which breached the email accounts of high-ranking financial executives.
- Social engineering: This tactic involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is one form of social engineering, but attackers also use social media, phone calls or impersonation of company staff to trick employees. Examples include attackers tricking an employee of the Chilean interbank network Redbanc into downloading malware, which gave them access to sensitive information, and the 2015 Dyre Wolf campaign, which used advanced social engineering to steal around $1 million from companies.
- Ransomware: This threat encrypts critical data and locks users out of their systems until a ransom is paid, disrupting operations and causing losses. Ransomware can be delivered in different ways, including the phishing and supply chain vectors described above. Examples include the 2021 ransomware attack on the U.S. insurer CNA Financial, which disrupted the company's employee and customer services, and the attack on the Israeli insurer Shirbit, whose refusal to pay resulted in four class-action lawsuits totaling $360 million from customers affected by the data breach.
- Distributed denial-of-service (DDoS) attacks: DDoS attacks overwhelm a server with floods of traffic, making it unavailable to legitimate users and disrupting the financial institution's service. These common attacks can take down online banking, customer accounts, employee portals, etc. Examples include the 2022 DDoS attacks that took the websites of the Moscow Stock Exchange and Sberbank offline, and the 2018 DDoS attacks on Dutch financial entities (ABN Amro, ING and Rabobank) that left their online and mobile banking services down.
- Insider threats: This risk arises for different reasons. Sometimes disgruntled or greedy employees misuse sensitive information; other times data is leaked accidentally by inattentive employees. Examples include the 2010 Bank of America ATM fraud incident, in which an employee installed malware on 100 ATMs and stole thousands of dollars, and the Scotiabank employee who put a number of customers' accounts at risk by accessing them without a valid reason.
It is absolutely crucial to identify and understand these and other tactics (such as zero-day exploits and attacks on APIs) in order to develop more effective and comprehensive strategies against ever-evolving threats.
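The SCA and SBOM workflow described under supply chain attacks above comes down to one mechanical step: read the component inventory and check each package and version against known advisories. The following is an added example, not Fluid Attacks' tooling and not a real advisory feed; the CycloneDX document, package names, versions and advisory identifiers are all constructed for illustration.

```python
# Added example (not Fluid Attacks' SCA): match a CycloneDX SBOM against an
# advisory list. Every package, version and advisory ID below is constructed.
import json
from typing import List, Tuple

# Constructed CycloneDX 1.5 JSON document with hypothetical components.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "json-parser", "version": "2.3.1",
     "purl": "pkg:npm/json-parser@2.3.1"},
    {"type": "library", "name": "ledger-core", "version": "1.0.4",
     "purl": "pkg:maven/com.example/ledger-core@1.0.4"},
    {"type": "library", "name": "xmlutils", "version": "0.9.0",
     "purl": "pkg:pypi/xmlutils@0.9.0"},
    {"type": "library", "name": "vendor-blob", "version": "3.1"}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs): a package is affected when
# introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "purl_prefix": "pkg:npm/json-parser",
     "introduced": "2.0.0", "fixed": "2.3.2", "severity": "high"},
    {"id": "EXAMPLE-2024-0002", "purl_prefix": "pkg:pypi/xmlutils",
     "introduced": "0.0.0", "fixed": "1.0.0", "severity": "critical"},
    {"id": "EXAMPLE-2023-0099", "purl_prefix": "pkg:maven/com.example/ledger-core",
     "introduced": "1.0.0", "fixed": "1.0.3", "severity": "medium"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; pre-release tags are out of scope here."""
    return tuple(int(part) for part in version.split("."))


def split_purl(purl: str) -> Tuple[str, str]:
    """'pkg:type/namespace/name@version' -> (prefix without version, version)."""
    if "@" not in purl:
        return purl, ""
    prefix, _, version = purl.rpartition("@")
    return prefix, version


def load_components(sbom_json: str) -> List[dict]:
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def match_advisories(sbom_json: str, advisories: List[dict]) -> List[dict]:
    """Return one finding per (component, advisory) pair that matches, plus one
    'unknown' finding for any component that carries no identifier to match on."""
    findings = []
    for comp in load_components(sbom_json):
        prefix, version = split_purl(comp.get("purl", ""))
        if not prefix or not version:
            # Unidentifiable components are reported, not silently skipped.
            findings.append({"component": comp.get("name", "?"), "advisory": None,
                             "severity": "unknown", "fixed_in": None})
            continue
        for adv in advisories:
            if adv["purl_prefix"] == prefix and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"component": comp["purl"], "advisory": adv["id"],
                                 "severity": adv["severity"], "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for finding in match_advisories(SBOM_JSON, ADVISORIES):
        print(finding)
```

Two details matter in practice. First, the package URL (purl), not the bare name, is the join key: "json-parser" on npm and "json-parser" on PyPI are different packages. Second, the tuple comparison above is only correct for plain dotted versions; real feeds such as OSV define ranges per ecosystem, and pre-release suffixes (for example 2.3.2-rc1, which precedes 2.3.2) need that ecosystem's ordering rules.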
Cybersecurity measures for financial services
Financial services should implement a comprehensive range of cybersecurity measures to protect all of their assets. They need a multi-layered defense to combat cyberattacks effectively, and it should address every phase: prevention, detection, response and recovery. The following are some essential measures to consider:
Adhere to compliance standards
Government agencies impose strict regulations, and some of them are not merely industry requirements but state or federal laws, so compliance is non-negotiable. They exist to ensure that financial institutions protect client data and guard against financial fraud, keeping clients' information confidential and maintaining trust between institutions and their customers.
The first step is to identify the specific compliance standards that apply to the institution. Depending on factors such as location, services offered and size, different standards will apply. They include:
- Sarbanes-Oxley Act (SOX): This 2002 U.S. federal law imposes financial reporting and disclosure requirements on all publicly traded U.S. companies and aims to protect investors and prevent accounting fraud.
- Gramm-Leach-Bliley Act (GLBA): This 1999 U.S. federal law, also known as the Financial Modernization Act of 1999, requires financial institutions to protect customers' financial information and implement a data security program.
- Payment Card Industry Data Security Standard (PCI DSS): This set of policies and procedures governs the security of cardholder data, such as card numbers, expiration dates and security codes. PCI DSS controls help companies minimize the risk of data breaches, fraud and identity theft.
- New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500): This regulation aims to guarantee that financial institutions licensed in New York protect their client data and information systems from attacks.
- General Data Protection Regulation (GDPR): This European Union legislation requires the protection of personal data and imposes strict rules on data processing, storage and transfer for organizations that handle EU residents' personal information.
Once the relevant standards are identified, financial institutions should outline the specific steps needed to achieve and maintain compliance with each one. After implementation, they should conduct assessments and audits regularly to ensure there are no gaps or deficiencies in the policies and procedures established. Training and awareness programs are necessary to educate employees about compliance standards, regulatory requirements and best practices for upholding them. Institutions can also take a proactive approach by checking compliance with automated tools. From our end, Fluid Attacks offers continuous scanning based on industry standards; our SAST tool reports instances of non-compliance in your software. Adhering to regulations is essential to preserving partners' and customers' confidence in the organization as well as avoiding substantial penalties.
Use solutions that prioritize security
There are several solutions or steps a financial institution can take to keep its information secure:
- Multi-factor authentication (MFA): This type of authentication grants access to resources only after the user provides two or more verification factors. MFA strengthens user authentication and makes stolen passwords far less useful to an attacker. Factors are not all equal: SMS one-time codes can be intercepted or redirected through SIM swapping, and any code a user types can be phished in real time, whereas phishing-resistant factors such as FIDO2 security keys bind the authentication to the legitimate site.
- Data encryption: Sensitive data managed by financial institutions should always be encrypted at rest and in transit, so that even if it is intercepted or exfiltrated by threat actors it remains unreadable and unusable. Encryption protects only as well as the keys do: keys must be stored and managed separately from the data they protect, with access tightly controlled and rotation planned for.
- Endpoint security: Endpoints such as desktops, laptops, smartphones and servers should be protected with antivirus or endpoint detection and response software that monitors the devices for irregular activity, unauthorized access attempts, malware and other threats.
- Patch management: Financial institutions need to prioritize the timely application of the security patches that software vendors regularly release to fix vulnerabilities in their products. That requires an up-to-date asset inventory; a system nobody knows about never gets patched.
Implement security methodologies and plans
Responding to a cyberattack while it is underway can feel like bailing water out of a sinking ship with buckets. We believe prevention and planning are better than panicking, being locked out of systems, paying ransom, losing business and so on. One way to act before the fact is to adopt a proactive overall approach to managing security, which is what zero trust architecture provides. The zero trust security model assumes that no user or device on the network is inherently trustworthy. Every access request, regardless of origin, is strictly verified against identity, device state and policy before access to sensitive information or systems is granted. This philosophy is put into practice with ZTNA (Zero Trust Network Access), which helps mitigate the risk of insider threats and unauthorized access attempts.
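The difference between "inside the network means trusted" and "verify every request regardless of origin" is easiest to see as policy code. The following is an added example and not any vendor's implementation; the resource names, roles, addresses and the specific checks chosen (role, action, factor strength, device posture, session age) are hypothetical illustrations of what a zero trust policy decision point evaluates.

```python
# Added example (not a product implementation): a default-deny access decision
# in the zero trust style, contrasted with a perimeter check. Resource names,
# roles and addresses are hypothetical.
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: FrozenSet[str]
    mfa_method: Optional[str]   # "fido2", "totp", "sms" or None
    device_managed: bool
    device_patched: bool
    session_age_s: int
    source_ip: str
    resource: str
    action: str


# Hypothetical policy: who may do what on each resource, and with what assurance.
POLICY: Dict[str, dict] = {
    "wire-transfer-api": {"roles": {"treasury"}, "actions": {"read", "create"},
                          "phishing_resistant_mfa": True, "max_session_s": 900},
    "customer-records":  {"roles": {"support", "treasury"}, "actions": {"read"},
                          "phishing_resistant_mfa": False, "max_session_s": 3600},
}
PHISHING_RESISTANT = {"fido2"}
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")


def perimeter_only(req: AccessRequest) -> bool:
    """The model zero trust replaces: being inside the network is enough."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET


def zero_trust(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Deny unless every check passes. source_ip is deliberately never consulted,
    and every denial carries its reasons so the decision can be audited."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, ["unknown resource: default deny"]
    reasons: List[str] = []
    if not req.roles & rule["roles"]:
        reasons.append("role not permitted for resource")
    if req.action not in rule["actions"]:
        reasons.append(f"action {req.action!r} not permitted")
    if req.mfa_method is None:
        reasons.append("no second factor")
    elif rule["phishing_resistant_mfa"] and req.mfa_method not in PHISHING_RESISTANT:
        reasons.append(f"{req.mfa_method} is not phishing-resistant")
    if not (req.device_managed and req.device_patched):
        reasons.append("device posture check failed")
    if req.session_age_s > rule["max_session_s"]:
        reasons.append("session too old: re-authenticate")
    return not reasons, reasons


if __name__ == "__main__":
    # A request from the corporate LAN with no second factor: the perimeter
    # model lets it through, the zero trust policy does not.
    req = AccessRequest("alice", frozenset({"treasury"}), None, True, True, 60,
                        "10.1.2.3", "wire-transfer-api", "create")
    print("perimeter:", perimeter_only(req))
    print("zero trust:", zero_trust(req))
```

The two functions disagree in both directions: an unauthenticated request from the corporate LAN is allowed by the perimeter check and denied by the policy, while a treasury user on a managed, patched laptop with a FIDO2 key is denied by the perimeter check from a home connection and allowed by the policy. Real deployments feed the device and session signals from an endpoint agent and the identity provider rather than trusting the request to describe itself.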
Another way to stay ahead of cyberattacks is to conduct security awareness training. Employees are often the first line of defense. Regular training programs can teach staff how to recognize phishing scams and other social engineering tactics and how to apply best practices, such as using strong, unique passwords, to keep systems secure. This empowers employees to make informed decisions and avoid falling victim to malicious attacks.
Since cybersecurity is never 100% bulletproof, it is always recommended to develop and maintain a comprehensive incident response plan that outlines procedures for the detection, assessment, containment and mitigation of incidents. The plan should establish clear roles and responsibilities for team members and be exercised through regular simulations and kept up to date, and a copy should be kept offline so it remains available when the systems it describes are down or encrypted.
How Fluid Attacks helps the financial sector
At Fluid Attacks, application security is our priority. For the financial services sector, we offer an all-in-one solution that contributes to security through several strategies.
- Secure software development: We encourage our clients to follow secure coding best practices, and we conduct thorough security testing throughout their software development lifecycle (SDLC) with our automated tools and certified hacking team to identify vulnerabilities in their applications and infrastructure.
- Vulnerability identification: Our solutions, such as pentesting and ethical hacking, set out to find vulnerabilities, which are the door cybercriminals need to get into your systems. Using top-level tools, methods and their expertise, our hacking team attacks your system (with your permission) the same way a malicious actor would. With their findings, which you receive through our platform, you can make an informed decision on how to proceed.
- Vulnerability management: Once the vulnerabilities in your software have been identified and detailed on our platform, they can be prioritized, reviewed by your team and assigned to its members; once remediated, you can request re-attacks to verify the fix. From the same platform, you can keep track of how your exposure to risk is being reduced. In addition, we offer remediation recommendations and support through generative AI and virtual calls with hackers.
All of the above is part of our Continuous Hacking solution, which helps our clients in financial services and other industries improve their cybersecurity posture and deliver high-quality products or services to their end users. One of our financial services clients, Protección, calls us "an important ally" in its constant quest for a more secure service. Read more about their success story here. Feel free to contact us to see how we can help your organization.