A study by cybersecurity firm Imperva Research Labs has found that web application attacks on the financial services industry rose 38% between January and May 2021.
The report detailed where the main security threats lie in the financial services market. These included sensitive data breaches, distributed denial-of-service (DDoS) attacks, ransom denial-of-service (RDoS) threats, client-side attacks and supply chain attacks.
According to Imperva, attacks on sensitive data are escalating, with more than 870 million records being compromised in the month of January 2021 alone – a total more than the overall number of compromised records in 2017.
For DDoS attacks, the cybersecurity firm found that the number of requests per second in Layer 7 DDoS attacks targeting financial services has tripled since April 2021. Meanwhile, the company also found that RDoS threats climbed at the end of last year going into 2021, targeting thousands of large commercial organisations globally, including many in financial services.
The study found that 74% of the data stolen in the past several years is personal data. Imperva claims this widespread theft of personal data is a strong indication that many organisations are not putting enough protection in place to secure it.
The company said that in many cases, personal data theft from financial institutions is made easier as it is regularly shared between systems, suppliers and people to complete transactions.
On how people and organisations can do more to mitigate risks of attacks, Imperva said, “Ensure you can see the data first, then you can protect it, and all paths to it. This means protecting the organization’s websites, mobile applications, and APIs from automated attacks without affecting the flow of business-critical traffic.
“It must also defend against DDoS injections and account takeovers outside the network core. It also means providing your business applications with full-function defence-in-depth with web application firewalls (WAFs), bot management, and runtime and API protection.
“Most importantly, it means having the capacity to discover and tag sensitive personal data as well as enrich and correlate the data to provide accurate behavioural analysis for threat prevention and mitigation. This enables you to automate the extension of your security controls to all of your data – on-premises and cloud-based, current and archived – to ensure continued compliance reporting, governance, and security for all data sources.”
Copyright © 2021 RegTech Analyst