According to a freedom of information request made by accountancy firm RSM, there was a massive increase in the number of reported cyber attacks against financial services companies in 2018.
The cause of the rise is no doubt partly down to the introduction of the General Data Protection Regulation (GDPR). As a result, the number of recorded attacks increased from just 69 reported in 2017 to 819 in 2018.
The data shows that the retail banking sector bore the brunt of the incidents, with the sector reporting 60% of the total. The next most affected area was the wholesale financial markets with 115 reports, followed by retail investment firms with 53 reported incidents.
Despite the sharp increase in the number of reported incidents, it is likely that there is still an issue with under-reporting, with experts concerned that many incidents continue to go undisclosed to the authorities.
The freedom of information request supports a report released earlier in the year by the Financial Conduct Authority (FCA), which showed a 480% increase in the number of reported cyber incidents. The increase in the reporting of incidents shows that, thanks to the introduction of new legislation like GDPR, the financial sector appears to be taking the issue of cybersecurity more seriously.
The report further highlights the risks from the use of third-party apps and services, with third-party failures accounting for over a fifth (174 out of the 819) of the incidents reported.
Most financial services companies use IT services provided by third-party providers, making them an attractive target for cybercriminals.
Apps and add-ons ranging from live chatbots to customer review plugins have grown in popularity, but unfortunately many of them have poor security standards that hackers can and do exploit.
Cybercrime is constantly evolving, with new forms of malware and attack strategies being devised by the day, and with automated hacking tools, any company without the cybersecurity basics in place will fall victim. It may seem overwhelming, and the pressures on IT security teams and CISOs have never been higher.
However, there is a way financial services can take control of their security. By using CyberScore™ on your partners, you will be able to see what areas of their security they need to improve and what areas are vulnerable to compromises.
CyberScore™ is an automated testing service that detects vulnerabilities in your organisation’s networks, allowing you to take control of your cybersecurity by providing empirical evidence via Get-Well plans and Patch reports. Also, if your organisation is yet to attain Cyber Essentials certification, CyberScore will provide you with an overview of how your security stacks up against the scheme and whether you’re likely to pass or fail.
Financial services will always be a prime target for cybercriminals, but by taking control of their security they can flourish. Implementing and enforcing the use of the cyber basics plays a key role in reducing the threats.
XQ Cyber is a CHECK Service provider, accredited by the NCSC, providing technical services including:
• IT health checks
• Penetration testing
• Social engineering/full spectrum red teaming
• Internal threat simulation (Advanced phishing assessments)
• Incident Response - preparedness and testing
• Virtual Information Security Manager (VISM) or Virtual CISO (VISO)
For more information about CPAs get in touch via:
Email: [email protected]