The Banking and Financial Services sector is struggling with a skills shortage along with the sheer volume of threats and alerts as it continues its ongoing battle against cybercrime. This is according to a Twitter poll conducted by cyberthreat intelligence provider Blueliv. With financial organisations a prime target for attacks, preventing fraud and data leakages is key to the sector’s security strategies – but it is getting harder as cyberthreats become increasingly diverse, sophisticated and malicious.
Rise in banking Trojans
The poll revealed that roughly a third of respondents are concerned about the impact banking Trojans (31 percent) and mobile malware (28 percent) will have on financial services organisations and their customers in 2020. This is in line with Blueliv’s latest cyberthreat intelligence report for the financial services sector.
Tracking the latest evolving threats, Blueliv’s researchers observed a 283 percent increase in botnets relating to Trickbot as well as a 130 percent increase in Dridex botnets. These botnets are linked to the distribution of banking Trojans and other malware families targeting the financial services sector.
Blueliv’s report also highlights that malware targeting mobile apps is one of the most rapidly developing threats to the financial services sector, with functionalities that allow criminals to gather user credentials as well as steal funds from mobile users’ bank accounts. This is partly driven by the fact that cybercriminals can now easily buy malware builders in underground forums, and that these often include advanced evasion techniques so the malware remains undetected on infected devices.
Fraud prevention most crucial security element
While the financial services sector – by its very nature – has some of the most mature cyberdefense strategies and is ahead of many other industries in detecting and preventing economic crime, weak spots remain in some organizations’ fraud risk assessments. This is underlined by the fact that 35 percent of poll respondents named fraud prevention the most crucial element to an ongoing cybersecurity strategy. Unauthorised transmission of data from within an organisation to external recipients is another key concern, with 31 percent of respondents considering the prevention of data leaks the most important.
Just under a quarter (24 percent) would focus their security strategy around regulation and compliance requirements such as GDPR; in contrast to this, the same number of respondents (25 percent) named regulatory issues as the biggest challenge for financial services institutions developing ongoing security programmes.
Visibility of threats is a challenge
According to the poll, financial services organizations encounter a range of issues as they build their security programmes – the most pressing being a shortage of skills (28 percent), followed by the high volume of threats and alerts (26 percent) and a lack of visibility into cyberthreats (20 percent). This is hardly surprising: as financial services institutions (FSIs) embrace digital processes and new customer interaction channels, so their attack surface grows, making it harder to keep on top of threats ranging from Point-of-Sale (PoS) to ATM malware, mobile apps malware to card skimmers.
“Organizations in the financial sector face a constantly changing threat landscape,” commented Daniel Solís, CEO and founder, Blueliv. “Business priorities have shifted and digital risk management is now central. Because they are such high-value targets for cybercriminal activity, it is imperative that financial services organizations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack.”
Solís continued, “FSI security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitisation to real, preventable threats. Threat intelligence can address the cyberskills gap through continuous automated monitoring combined with human resource to provide context, helping FSIs develop highly-targeted threat detection, prevention and investigation capabilities.”