
The top five security challenges for the financial sector

Nov 06, 2020

2020 has seen a sharp rise in cyberattacks. How can those in the financial sector overcome these security challenges? Eleanor Barlow outlines the top five risks organisations should be aware of.

Security measures in the financial sector, such as key codes, two-factor authentication, voice ID, behavioural analysis, one-time passcodes, protective messaging, and digital fingerprinting, have evolved dramatically. But with more security measures in place, there are arguably just more elements for attackers to infiltrate.

Through an analysis of a real-life threat to a large financial client, we have found the top five security challenges facing the financial sector, the risk of future threats, and how to spot these threats before it is too late.

Ransomware

Ransomware has increased dramatically over the last few years, both in terms of the number of attacks and the range of methods used to conduct them. Attackers are incredibly sophisticated. Once they have your data, there is no guarantee that your data will be given back or decrypted, even if you pay up. There is also no guarantee that you will not be targeted a second time. Often, once an attack has been made, the bad actor will sell the details on, because the payload can still be there.

Internal threats

According to the Verizon 2020 Data Breach Investigations Report (DBIR), employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking the organisation. In fact, misdelivery within the company, by which information is inadvertently sent to the wrong person, appears to be the most common issue in terms of insider threats. Misdelivery can occur via emails forwarded or sent to the wrong recipient, the use of the wrong mailing list, or an incorrect address on a paper document. Misdelivery is, more often than not, accidental and non-malicious, but the effects can be devastating.

App developments

Apps for investment and finance have grown substantially in 2020. This, in part, is a good thing as the ability to invest online is quick, easy, and accessible to all. However, many apps were developed quickly and are consequently underprepared for cyberattacks. Many do not provide two-factor authentication, are not supported by the appropriate regulations, are not patched or appropriately maintained, and do not have contingency plans to mitigate the effects of a cyberattack. As a result, app users’ personal information is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app are mirrored. Once the personal information is supplied, both real and virtual money are then accessible.

Third-party risks

These days, few organisations work alone. The majority use third parties including vendors, partners, email providers, service providers, web hosting companies, law firms, data management companies, subcontractors and so on. Without appropriate security measures in place, these third parties could easily provide a backdoor for attackers into your financial systems.

COVID-19

Cybercriminals continue to target the financial sector amid the pandemic. As a result, we have seen a spike in attacks on banks, financial organisations, as well as third parties connected to them. Before COVID-19, if an attacker wanted to sabotage a company or steal data, they would target the business itself – the website, the social accounts, the logins and all its vulnerabilities. In response, organisations established parameters for this. Now, attackers simply need to target a single remote worker.

In response to these five threats, banks and financial institutions require tailored and sophisticated security to support their systems and people, and to defend against an onslaught of complex and aggressive cyberattacks. Not only must the financial sector increase its security compliance tenfold, security precautions must also evolve to mirror the growing threat landscape.

Eleanor Barlow is Content Manager at SecurityHQ.