The most common Cybersecurity threats to the Financial Services Sector

With data from the Financial Conduct Authority (FCA) showing that the number of cyber-attacks against the financial sector increased fivefold in 2018, we take a look at some of the most common cybersecurity threats the sector faces.

Supply Chain attacks

With more and more businesses connected via supply chains, the opportunities for hackers to exploit a weak link have never been greater. All it takes is one member of the chain to not be up to scratch with its cybersecurity for an attacker to find a way into the wider chain.

Financial services in particular are a favoured target due to the large amount of funds and sensitive data that they typically handle.

Financial service supply chains are often hugely complex, but there is a way for an organisation to get an overview of the chain's posture.

Encouraging partners to use CyberScore™ on their networks is a quick and efficient way to check the cybersecurity posture of all links in the chain, allowing you to see which ones need to improve and which ones to potentially avoid entirely.

For further reading - Supply Chain Attacks Increased 78% in 2018

3rd, 4th, 5th Party Vendors

Financial organisations typically utilise services from vendors from many different locations. The obvious way around this is to ask whether that service or capability can be done in-house.

Some questions to ask include:

  • Do you have the resources to spare? If you don’t then you need to ask a few questions of a vendor.
  • Where are they based? Are there region-specific threats or legislation that must be followed?
  • Have you done any Due Diligence on them? How is their cybersecurity posture?

For further reading: Do you know your third-party risk?

DoS/DDoS Attacks

Perhaps one of the most potentially damaging forms of cyberattack to a financial institution is a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. A DoS/DDoS attack can result in the disruption of a range of services such as website access, ATM networks, online banking platforms and internal systems that an organisation may need to function. Such attacks can be hugely damaging and can result in financial losses and damage to the institution’s reputation.

For further reading: Beware Zombie Computers

Insider Vulnerabilities

According to data produced by IBM, financial services are in the top three sectors targeted by insider attacks. The report also highlighted that 75% of reported insider attacks were intentional, with the rest being the result of accidents.

One of the most effective ways of reducing the threat is to introduce privileges and policies into the organisation to restrict access to sensitive areas to just those that need it.

Creating a cyber-aware culture and one where employees feel valued will go a long way. When employees become disgruntled or angry with their employer, the chances of a malicious act increase.

For further reading - Securing Internally is just as important as securing Externally

Digital Transformation

With more and more financial organisations bringing their services online, the rush towards digital transformation can sometimes result in security falling by the wayside.

Using automated scanning tools such as CyberScore™, a business undergoing a transformation can run regular scans and ensure that it remains vigilant to any security gaps that may appear.

For further reading - 3 Reasons why Cybersecurity is a Business Enabler

IoT Devices

It’s predicted that by 2020 there will be an estimated 20 billion IoT devices connected to the internet. With infinite new connections between devices potentially leaving back doors open in terms of security, an organisation needs to be able to reduce the risks.

Introducing policies and documenting how many connected devices are in use inside the organisation can help a security team take action to secure them all, or at least get an overview of what’s being used.

For further reading - Reduce the IoT Risks with CyberScore™

Phishing/Spear Phishing/Whaling

Phishing remains the most common type of attack used against the financial services sector. It is combined with social engineering techniques, with attackers using emails, social media, instant messaging, and SMS to trick victims into providing sensitive information or visiting malicious URLs in attempts to compromise systems. An attacker can carry out a Business Email Compromise (BEC) attack, which can result in large sums of money being sent to a fraudulent account. According to Kaspersky, financial phishing attempts accounted for over 50% of all phishing attacks in 2018.

For further reading - Don’t get reeled in by Phishers

Social Engineering

A favourite tactic of hackers is social engineering. With social media accounts and websites containing a plethora of information, they are the ideal locations for hackers to garner intelligence on a target. Looking at a financial institute’s website, for example, is a good way for them to discover who the key figures are, such as the CEO, Finance Director, etc. Using this information, a scammer can create spear phishing emails with the aim of tricking employees into either clicking malicious links and attachments or transferring funds to a fraudulent account.

For further reading - Reeling in the Big Fish

Take Control with CyberScore™

Financial institutes can take control of their cybersecurity by using the award-winning CyberScore™. CyberScore™ is an automated testing service that allows you to take control of your cybersecurity by detecting vulnerabilities and providing you with empirical evidence and Get-Well plans. The score itself also allows you to demonstrate clearly and simply to the board where your organisation currently stands in terms of its cyber risk rating and security posture.

XQ Cyber also offers a range of incident response and consultancy services such as Penetration Testing, Cyber Posture Assessments and Incident Response preparedness and testing.
