Cyber Security Trends in the Financial Sector

by Dr. Christine Izuakor | Jun 03, 2019

Financial gain is one of the most common motivations behind cyber-attacks, making the financial sector an attractive target for cyber criminals. Recently, it was reported that companies in finance lost nearly $20 billion due to cyber-attacks and breaches. Furthermore, it was reported that financial companies get attacked 2500x more than a typical business for a total of over one billion attack attempts in a single year. These attacks don’t just target financial institutions. They target everyone from individual consumers and account holders to corporations and governments. No entity is immune from falling prey. Here are some important trends to know about when it comes to cyber security in finance:

Some of the largest breaches of the century have impacted the financial sector. Here are a few notable breaches we can all learn from:

  • Bangladesh Central Bank found itself in hot water when SWIFT, a central bank-owned third party, was exploited and used to make several illegal payments resulting in the loss of approximately $100 million.
  • The Equifax breach is known as one of the most significant data breaches in history for any sector. With impact numbers equating to almost half of the United States population (over 143 million users impacted), the credit reporting agency was forced to take a hard look at its cyber security posture. Several executives left the company as a result, and the organization is still working to recover. The attack's success was attributed to a missing patch.
  • JP Morgan Chase endured one of the largest breaches in the history of banking attacks when seven million small businesses and almost eighty million customers were impacted by a cyber-attack. The attackers didn’t just go after customer information. They were able to obtain information on the inner workings and details of the bank's infrastructure and technology, which can enable future attacks.
  • Korea Credit Bureau fell victim to an insider threat attack when an employee exported sensitive customer data associated with numerous banks. The number of victims amounted to almost fifty percent of the country’s population at the time.
  • MasterCard found itself in the headlines after one of its third-party vendors, CardSystems Solutions, was hacked, compromising forty million credit card numbers. Roughly forty percent of the data belonged to MasterCard customers.

Although the sector is heavily and increasingly regulated, cyber-attacks are still effective in this space due to gaps in basic cyber hygiene and creative attack methods such as ATM jackpotting.

  • ATM Jackpotting – This phenomenon plagued Europe and Asia for some time before making its way to US ATMs last year. To carry out an ATM jackpotting attack, cyber criminals install malicious code or devices on ATMs and manipulate them into dispensing cash through unauthorized transactions, resulting in access to “free” cash. Due to the public nature of ATMs, attackers have been able to pose as technicians to “work” on the cash machines or manipulate them during odd hours.
  • Normal Cyber Hygiene Challenges – As seen in the breaches outlined above, typical security challenges are still disrupting the financial sector. From missed patches to third-party cyber risks, general cyber risks applicable to any industry with sensitive assets apply here as well.
  • Heavy regulation – The financial sector is one of the most heavily regulated industries, and those regulations continue to evolve to address growing risks. In the past, this rigor in regulation may have created a false sense of security, leading consumers and corporations to believe that banking assets were “more secure” and thus less prone to successful cyber attacks. After witnessing the wealth of breaches in this space, we know that this couldn’t be further from the truth, and companies are paying closer attention to securing assets beyond standard compliance requirements.

Both old and new solutions are helping mitigate some of the biggest risks.

The industry is continually seeking ways to improve security through stronger authentication, integrity checking, machine learning, artificial intelligence, and more.

  • Biometrics are increasingly being used to authenticate and verify sensitive transactions. With fraud and identity theft still posing a considerable challenge in the financial industry, a secure authentication strategy is imperative. Given the number of mass breaches and compromised credentials, relying on traditional passwords opens users up to more cyber risk. Biometrics offer a more secure and reliable means to verify users.
  • Blockchain is still a buzzword in fintech. This concept has been branded as a key solution to integrity challenges within the banking and financial sector. Secure by design, the technology provides a distributed way to conduct transactions with non-repudiation, indestructibility, and immutability.
  • Traditional and general best practices around security apply to the sector as usual. Financial sector companies are often tormented by the basic challenges associated with patching, asset management, network visibility, and more. In response, many are focusing on building in layered security, creating redundancy in critical assets to continue operating during adverse circumstances, and implementing network segmentation to more effectively manage evolving attacks to critical assets.
  • Artificial intelligence can be used to detect anomalous use of financial accounts and credit cards that typically leads to identity theft or fraud. Integration of AI is growing across cyber security technology, and it’s being leveraged in finance specifically to prevent, detect, and respond to fintech attacks.

Arguably one of the most highly targeted sectors in the world, companies within the finance and banking industry must consider cyber security a top priority. Through the history of fumbles and breaches in this space, we’ve seen that ignoring security in any sector, but especially in finance, can be catastrophic. Because consumers are also directly targeted more often in this sector, the stakes are higher. Thankfully, the industry continues to invest in advancing security for corporations and consumers in this space.