The cyberspace race is heating up. Over the past year, the number of ransomware and general cyberattacks has increased dramatically, with more companies, individuals and even governments falling into digital bear traps. How will this growing problem impact financial institutions?
Research by VMware, a cybersecurity firm, earlier this year found that cyberattacks against the financial sector increased 238% globally from February to April 2020. This happened around the same time that global lockdowns started to be introduced due to the Covid-19 pandemic – exposing the security challenges that have become a mainstay since organisations were forced to start working from home.
According to an Allianz report on risk trends in financial services, a key reason the financial services industry is targeted so heavily is that companies in this area hold a lot of sensitive information on businesses, individuals and governments – alongside huge amounts of capital.
A recent report by SonicWall, an internet security company, found the number of ransomware attacks in the first half of this year had already eclipsed the whole of 2020. While this is a statistic that stretches far beyond financial institutions, ransomware may pose a bigger threat to the financial services industry than any other industry.
OneSpan director of global regulations and standards Michael Magrath outlined a number of ways financial institutions can get to grips with ransomware if they face it, or avoid it if possible. Firstly, employees must be trained and continuously retrained on cybersecurity – with internal phishing tests on employees ‘a great tool to keep employees alert’.
He also stated that all threat and attack information collected by financial institutions should be shared within the industry and with government regulators. Additionally, data back-up processes should include back-ups to offline storage, multi-factor authentication should be required to access all data, and privileged-access users should use different authenticators to access online and offline data.
With many ransomware gangs becoming even more technologically adept at breaking into companies’ systems, there is growing demand from companies for ways to strengthen their security systems.
Redscan head of penetration testing Jed Kafetz said, “A lot of finance firms are especially worried about ransomware, due to its popularity among highly skilled and well-resourced criminal gangs. Cybercriminals are capable of getting a foothold in a network, and then moving laterally to achieve a permission level where they can make the greatest impact. This could include taking down vital services, encrypting data and threatening to release it if their ransom demands are not met. For any industry with critical IT operations and high-value confidential data, ransomware can do major damage.”
Financial institutions’ problems in cyberspace
One of the key challenges for many financial institutions in the cyber world can revolve around identity – especially with countries that have not issued an eID to their citizens, OneSpan claimed. The firm mentioned that according to US Treasury figures, banks are losing over $1bn each month to identity-related cybercrime.
OneSpan referenced account takeover fraud – where cybercriminals gain access to a victim’s login details to steal funds or information – as one of the top threats for financial institutions currently in cyberspace, mainly due to the financial losses and mitigation efforts involved. To deal with this, the firm said that individuals should stop using static passwords – it believes employees and customers should use multi-factor authentication when accessing the network of a financial institution.
In other areas, the company said, “Phishing attacks are not going anywhere and mobile banking trojans pose a threat to banks as more and more consumers bank via their smartphone app. These are overlay attacks in which a fake screen is put on top of a legitimate bank application. The malware then captures the victim’s authentication credentials and can remain active while other banking transactions are performed. For example, the malware can modify transaction data by intercepting a funds transfer and redirecting the money to a fraudulent account.”
Another common form of cyberattack is distributed denial of service (DDoS) attacks. A DDoS attack is an attempt to disrupt the traffic of a targeted server, service or network by overwhelming the target or its infrastructure with a flood of Internet traffic. According to NetScout security technologist Philippe Alcoy, financial institutions can be extremely vulnerable to such an attack.
Alcoy said, “Organisations that operate within the financial sector are a prime target for DDoS cyberattacks as these organisations are perceived to have access to vast amounts of money, as well as large swathes of private data. High-profile examples of DDoS attacks against the financial sector include the DDoS extortion attack that hit the New Zealand stock exchange in August 2020, as well as the powerful DDoS attack that disrupted a number of Hungarian banking and telecommunication services in September 2020.”
Alcoy went on to highlight the fact that last year’s NetScout Threat Intelligence Report found that, collectively, cybercriminals launched over 10 million DDoS attacks globally last year for the first time in history – with more DDoS attacks against the finance industry in the month of June 2020 than there were from January to May the same year. Furthermore, between June and August 2020, there were more attacks recorded than during the whole period from April 2016 to May 2020.
Such findings reveal many signs that financial institutions are not as prepared as they should be in the face of a potential cyberattack, with a fairly clear indication that the mass migration to home working has revealed security cracks that many companies did not foresee.
This is an argument similarly echoed by ArcusTeam CEO Dr Carmit Yadin, who commented, “The cybersecurity space is currently a battlefield for many financial institutions, and this is just the start. The world is constantly evolving, and connectivity is becoming more of an influence on our lives – all is connected to all. With the onset of Covid-19, there was a rapid transition to work from home which increased the need for technological solutions, accelerating the transition to digital for various financial institutions.
“The more conservative financial institutions that expected employees to work from the office only have been forced to implement technological changes. However, from a security perspective, they are not ready yet.”
How to fight back?
While financial institutions may face some significant challenges relating to cyberspace in the near future, OneSpan global regulations and standards director Magrath believes there is a way to deal with the challenges in cyberspace – more collaboration between the government and the private sector.
He said, “Neither the government nor the private sector can successfully win the cybersecurity wars alone. In the US, the National Institute of Standards and Technology has historically engaged the private sector prior to introducing or revising guidance. This enables the industry to help shape the guidance.
“For example, the US Cybersecurity and Infrastructure Security Agency (CISA) announced recently it is creating the Joint Cyber Defense Collaborative to build a national cybersecurity defence strategy built on collaboration among the public and private sectors.”
Magrath cited a quote by CISA director Jen Easterly, who said that one of her biggest priorities as director was to ensure that the agency cultivated and strengthened the partnerships it had with industry, academia and researchers within the hacker community to ‘ensure we are leveraging the best and brightest of this community for the collective defence of the nation’.
He also referenced regulations in Europe, where Regulation 2021/887 establishes the European Cybersecurity Industrial, Technology and Research Competence Centre as well as the Network of National Coordination Centres.
The EU’s website stated that “it will develop and implement, with member states, industry and the cybersecurity technology community, a common agenda for technology development and for its wide deployment in areas of public interest and in businesses”.
That the financial services industry will continue to be a hot target for hackers going forward seems indisputable – with the connections and capital in the industry, it is unlikely to lose popularity with financial criminals. However, if the financial industry takes heed of advice to reduce its cyber vulnerabilities, the fight back by financial institutions may start to take shape.
Copyright © 2021 RegTech Analyst