Businesses of all sizes are targets for cyberattacks, financial institutions much more so than most. Andrea Babbs, UK general manager of VIPRE SafeSend, believes it is time for them to step up their security infrastructure.
With over 20 years of experience in the IT industry, she has worked for security vendors and resellers dealing with email, endpoint and web security, watching the threat landscape change from simple viruses and spam to the sophisticated, polymorphic threats of today.
With humans the last line of defence, education and effective tools are needed to help them avoid making small mistakes with big consequences. In this article, Andrea explains why financial organisations are a prime target for cyberattacks and ransomware threats, and what they can do going forward to mitigate the risks.
The financial services industry deals with highly sensitive information, including monetary transactions, personal information and financial data, all of which are the Holy Grail for cybercriminals. The consequences of this information falling into the wrong hands could mean the loss of significant sums of money, including financial penalties, costs for audits to understand why the incident happened and what additional protocols need to be implemented going forward.
Accenture’s 2019 Ninth Annual Cost of Cybercrime report found that financial services incurred the highest cybercrime costs of all industries. Additionally, the fallout from data breaches goes far beyond financial costs. Financial services businesses have reputations to uphold in order to maintain a loyal customer base. If they fail to protect their customers’ sensitive information, they will have to manage the negative press and mistrust from existing and potential customers.
In such a highly competitive market, it doesn’t take much for customers to take their money elsewhere. While examples of external threats make the headlines, such as the Capital One cyber incident, unintentional breaches don’t always gain as much attention.
The Importance of Email and Unintentional Breaches
Despite this, human errors, including misdeliveries via email, are almost twice as likely to result in confirmed data disclosure. One of the biggest threats to an organisation’s security infrastructure is over-reliance on email. With remote working becoming the norm for many businesses in 2020, email is arguably more important than ever as a communication tool.
Humans are only ever a click away from sending an email with the wrong attachment, or to the wrong contact. But this can be more than just an embarrassing mistake – the ramifications could, in fact, be catastrophic.
Cyberattacks, especially against banks and those working in finance, have increased dramatically since the start of the coronavirus pandemic, with a 238% surge in financially-motivated attacks, according to the third edition of VMware’s Modern Bank Heists report. Many of these attacks are COVID-related in nature, relating to access to loans to help businesses or to fake government emails, as highlighted by UK Finance. In turn, 96% of UK executives said they will shift their cybersecurity strategy due to COVID-19, according to a recent study by PwC.
2020 may have been the catalyst for businesses to improve their understanding of cyber threats and the vulnerabilities they exploit as they plan for the new normal, but how can they do this successfully?
Within the financial services sector, the stakes are high, so an effective, layered cybersecurity strategy is essential to reduce risk and keep sensitive information secure. Security protocols are designed to prevent most instances of unauthorised interception and email spoofing. Adding a dedicated email-to-email encryption service to your email security arsenal also increases your protection in this area.
Data Loss Prevention Solutions
Financial organisations can deploy innovative technology solutions to educate their workforce in real time. This includes Data Loss Prevention (DLP) solutions, which enable the firm to implement security measures for the detection, control and prevention of risky email sending behaviours. Rather than impeding the working practices of users, these tools instead give the employee a critical second chance to double-check their email is going to the right person.
It is this double-check that can be the critical factor in an organisation’s cybersecurity efforts.
Security guidelines and rules regarding the circulation and storage of sensitive financial information are essential, as well as clear steps to follow when a security incident happens.
Training the Workforce
Cybersecurity awareness training should be implemented as soon as an employee joins a company, and should be an ongoing programme with quarterly or monthly short, informative sessions. This training should also incorporate phishing simulations and attacks to demonstrate to users how these incidents can appear, and educate them on how to spot and flag them accordingly.
This reinforcement of security messaging, working in tandem with simulated phishing attacks, ensures that everyone is capable of spotting a phishing scam and knows how to handle sensitive information.
Moving forward, cybersecurity should be at the forefront of all businesses’ agendas. The increasing sophistication of cybercriminals, coupled with the rapid shift to digital technologies brought about by the COVID-19 pandemic, has emphasised the importance of a strong security infrastructure.
As a prime target for cybercriminals, financial service organisations must prioritise their cybersecurity. This includes regularly assessing risks, deploying innovative, human-led solutions and educating workforces to provide the best defence possible. With a layered security strategy in place and a proactive approach to their cyber defences, the risks can be minimised.