26 May Cyber Security Threats are on the increase in the Financial Sector
Financial institutions are a favourite target of black hat hackers. Why are cybercriminals hammering the financial sector?
Gone are the masks-and-guns robberies of banks and financial institutions. Criminals have shifted to more sophisticated methods of getting their hands on funds and data. They have traded masks and guns for scripts and ransomware.
The past twenty-four months saw the rate of attempted cyber attacks and hacks increase dramatically in the financial sector, with the likes of banks and credit institutions being favourite targets of cyber criminals. It is a fact that black hat hackers are becoming increasingly sophisticated, and thus it is no surprise that they are now eyeing the financial sector.
In London alone, in 2018, there were 819 successful cyber incidents in the financial services sector, an increase of over 1000% over the previous year. The European Systemic Risk Board estimated that in the same year cyber-attacks had a global cost of $45bn to $654bn.
When hackers attack financial services firms, they also attack entities on the periphery of the sector, such as brokers, asset managers and insurance providers.
Understanding the risks and knowing who your ‘enemy’ is are key to building resilience in and around your organisation. Sending all employees to cyber security awareness training is one way of teaching them to recognise risks and threats. Cyber threats come from a wide range of actors, ranging from script-kiddies to organised crime and state-sponsored hacker teams – all using advanced and sophisticated tactics, techniques and procedures (TTPs).
The motivation behind these actors varies, but all lead to the same devastating results. Be proactive: harden systems and applications to close down exploit opportunities. Weaknesses, holes and vulnerabilities can be identified through thorough penetration testing exercises.
Motivation behind financial services cyber attacks
There are a myriad of motives behind cyber attacks in the financial services industry, namely data theft, data integrity and sabotage, and (direct) financial theft. Once you understand these threats, an accurate cyber security strategy can be implemented to protect your organisation from cyber attacks. Disruption of business operations costs millions of euro, and hackers know this all too well! They ask for ransom money to release the systems they freeze or the data they get their hands on.
Ransomware is a common way for these malicious actors to penetrate organisations. In highly regulated sectors such as banking and financial services, licences might be at risk when data breaches are experienced. Licence suspensions and, in extreme cases, revocations are not unheard of.
In the ever-evolving threat landscape, fuelled by wider digital attack surfaces, maliciously crafted social engineering attacks, mostly in the form of phishing emails, are targeting transfers of funds, as was the case with Bank of Valletta in Malta a few months back. CEO fraud (wherein cyber criminals spoof organisation email accounts and impersonate executives giving bogus instructions), credential stuffing and destructive malware are all used on a daily basis by hackers to steal funds and data and to hold organisations to ransom.
To help fight the increasing threat of phishing, it is recommended that simulations of phishing email attacks are run over six to twelve months, to identify weak links in the internal ecosystem and to help educate staff, raising the organisation's level of defence. Keep attackers from gaining a foothold in the organisation: develop a cyber security strategy, led and advocated by a CISO or vCISO, to serve as a catalyst for the implementation of cyber security protection and best practices.
Don’t leave cyber security to chance
Old technologies should be replaced by cutting-edge new technologies to ensure a bright and secure future in the financial services sector. The migration to the cloud should be well managed, and the configuration of cloud environments should be a top priority. Artificial intelligence can help automate defences and counteract any malicious attacks targeting your organisation.
Sadly, study after study shows that the weakest link in the cyber security chain is people: mistakes, lack of knowledge, human error, carelessness or undisciplined actions (such as the use of weak passwords) are (unfortunately!) the order of the day. Train your employees to recognise threats and take full ownership of cyber security in their space.
You definitely need to be able to detect, analyse and defend against cyber criminals who are using multiple methods of attack, techniques and tools, lately also powered by artificial intelligence. Choose us as your cyber security expert partner. Speak to us today!