The average cost of a data breach in the financial services sector now exceeds $5 million, nearly $2 million higher than the average cost across all other sectors. That’s according to a data breach report published by IBM earlier this year, highlighting the disproportionate levels of risk facing the financial services industry as businesses continue to navigate one of the most turbulent economic periods on record.
Ian Porteous is the Regional Director for Security Engineering at Check Point Software Technologies. With more than 20 years’ experience in the field, Ian has been with Check Point for the past 14 years, through their transition from a Firewall vendor to a provider of cyber security solutions covering Enterprise Networks, Data Centre, Cloud, Mobile and Endpoint Security.
Here, Ian shares his thoughts on why financial services are being targeted by cybercriminals.
Against the backdrop of an international health crisis, businesses in all sectors have been redoubling their efforts to sustain pre-pandemic levels of productivity, often leading to the rapid acceleration of digital transformation initiatives. By McKinsey’s reckoning, some sectors achieved more than a decade’s worth of growth in a 90-day period as they adapted their internal processes and customer service operations. However, when businesses are pushed to grow out of necessity rather than move at their own pace, security often takes a backseat. This has presented threat actors with more opportunities to strike, and it’s one of the reasons we’ve seen the threat landscape change so significantly in the past two years.
By October 2021, global incidents of cybercrime had experienced a 40% year-on-year increase as bad actors continued to take advantage of the disruption. According to our researchers, 2021 saw a staggering 102% increase in ransomware attacks, with fraudsters adopting new strategies such as triple extortion techniques to seize data.
But while the impact on all sectors has been significant, the financial services industry has been disproportionately targeted by cybercriminals post-pandemic. According to one source, there was a 238% spike in the number of cyberattack incidents experienced by banks between February and April 2020, just months into the crisis. And according to Check Point Research, over the last six months, financial organisations in the UK have experienced an average of 409 cyberattacks a week. To date, nearly 75% of banks and insurance groups have reported spikes in cybercrime to varying degrees and according to Ponemon Institute, 57% of companies in the UK finance sector believe the pandemic has exposed employees to increased cyber risk. After a year or more of remote working and cloud migration, cyber threats are continuing to ravage the financial services sector in what could easily be described as a perfect storm of risk and vulnerability. So what are those risks, and what security strategies should businesses be considering as we move into 2022?
Challenges facing the financial services sector
One of the biggest challenges reported by Check Point’s financial customers has been the rapid implementation of a cloud migration strategy, particularly when it comes to regulatory and compliance concerns around public cloud adoption. Public cloud adoption as part of a wider multi-cloud strategy has become increasingly important for businesses in all sectors, allowing them to take an agile, cost-effective approach to cloud migration. However, more is at stake for the financial services sector as they attempt to walk the line between public, private and on-premise data management solutions. Getting this balance right in a way that prioritises efficiency, cost-effectiveness and security is a huge challenge for the sector.
But cloud innovation is only possible where budget is available, and often this budget is swallowed up by legacy systems and architecture that can be difficult to shake. Those that haven’t been able to embark on a rapid cloud transformation journey due to strained budgets are usually the same businesses that spend huge amounts of capital on “keeping the lights on” when it comes to legacy services.
Beyond migration and infrastructure, the financial services sector has to think more carefully than almost any other sector about data security. Who is responsible when it comes to securing customer endpoints like mobile devices? The user? The app developer? The phone manufacturer? There are so many touchpoints along the security chain that everybody has a role to play, particularly service providers themselves. A chain is only as strong as its weakest link, so those businesses in the financial services sector need to have a complete and robust understanding of the security role they need to play in order to provide a secure end-to-end service for their customers.
Navigating the current threat landscape
As well as strategic challenges, businesses in the financial services industry are also facing increasingly sophisticated threats from bad actors. Online commerce has skyrocketed, and the number of people handing over their data to third-party financial services firms has boomed as a result. Those in the FSI sector work almost exclusively with funds, personal credentials and other sensitive customer data, all of which have tremendous value to a criminal who could hold this information to ransom, use it to redirect payments, or simply sell to the highest bidder on the dark web.
Among the biggest threats currently facing the sector are phishing scams and so-called “banking trojans”, which are evolving at pace. Trickbot, Dridex, Qbot and IcedID are all banking trojans that have developed significantly over the past 12-24 month period following the Emotet takedown in January. Rather than settling for the backdoor transfer of relatively small sums of money, these new-wave banking trojans attempt to monetise every machine and network they compromise, all while making future cyberattacks easier to execute. These trojans are now major platforms for unleashing devastating ransomware and double extortion attacks on the financial services sector.
DDoS, or “distributed denial of service”, attacks are another prominent threat facing the sector. In a DDoS attack, the target network is flooded with thousands, or even millions, of superfluous requests that overwhelm a company’s resources, leaving it vulnerable to attack. In June 2021, Radware reported a wave of DDoS attacks specifically targeting financial institutions.
What financial services institutions can do to safeguard their data
One of the biggest challenges that has materialised in the past two years is the rapid expansion of attack surface area for cybercriminals to exploit. Generally speaking, the broader the attack surface, the more vulnerable a business becomes, so rapid cloud transformation is a risky endeavour for the unprepared. When it comes to cybersecurity, prevention is always better than cure, so financial institutions need to be looking at all-encompassing architected solutions that provide visibility and real-time insight instead of focusing purely on remedial strategies. Rather than having a dozen siloed security solutions clumsily stitched together, businesses should instead be focusing on their security as an architecture in and of itself, consolidating patching, segmentation, audits, access controls and more into one unified set of processes.
This is of particular importance today when teams are more likely to be distributed and endpoints scattered. According to the Ponemon Institute, around 70% of breaches originate at the endpoint, so gaining integrated, real-time control and visibility over those endpoints is absolutely crucial as we move into 2022.
To this end, we’re likely to see AI play an increasingly important role in end-to-end network monitoring. Consumer trends and developments in IoT technology are advancing at such a rapid pace that AI is really the only way businesses can stay ahead of the curve and monitor their entire value chain. Over the next couple of years, expect the number of AI models developed for this purpose to increase exponentially, with models competing with one another to provide the best monitoring capabilities. Innovation, however, is not exclusive to businesses.
Threat actors will also be looking to enhance their attacks using AI and machine learning, resulting in a “war of models” as the battle over the massive amounts of data generated by IoT devices begins to heat up. Like it or not, the FSI sector is about to enter an arms race against threat actors. Whichever side has a better, more robust way of dealing with anomalies, identifying signals and uncovering new intelligence, will prevail.