Growing Security Risk in the Financial Industry
Financial institutions have always been an ideal target for cyber criminals. Quite simply, that's where the money is. But as finance has gone digital and global, these institutions have drawn more attention from malicious groups, including nation-states and hacktivists, with political and ideological, as well as financial, agendas.
The seemingly exponential growth of mobile banking and digital financial services has created an enterprise-scale balancing act between convenience and a rapidly expanding attack surface. And the availability of nation-state grade capabilities on the dark web and through contract hacker services, with cost driven down by market saturation, increases the pool of potential cyber criminals. But those are just the external threats. Financial institutions still need to grapple with internally caused theft, cyber-vandalism, insider trading, and end-user vulnerabilities. This raises a couple of questions, namely: just how vulnerable are financial institutions, and what can be done about it?
To begin, banks, credit unions, credit card companies, mortgage and loan brokers, investment firms, and trust and pension funds all fall under the umbrella of "financial institutions." Given the range of services and clientele, a single security incident can have huge consequences. In 2017, the Financial Conduct Authority (FCA) experienced an:
- 80% increase in reported cyber attacks against financial services firms from the previous year.
The firms themselves experience cyber attacks 300 times more frequently than companies in other industries. The consequences have also proven more severe. Businesses in the financial sector also experience the highest rate of customer churn following a breach, and the cost per stolen record is roughly one hundred dollars above average ($335 versus $225). One out of five institutions cited "brand trust or damage to their reputations" as the top concern following a data breach incident. And for good reason, as:
- 12.3% of customers left their credit unions after a breach
- 22.4% left their credit card companies
- and 28% left their banks
Malware is a common attack vector in financial institution security events. In 2017, the average cost of a malware attack was around $825,000. When hit with a DDoS attack, the cost hovered around $1.8 million. And given that 56% of financial institutions saw an increase in DDoS attacks, the numbers are not in their favor. For those companies that have been hit with a DDoS attack:
- 49% were targeted via their public website (8% higher than average)
- 48% reported that their online banking services were impacted
These often multi-layered DDoS attacks provide cybercriminals a means of conducting fraudulent transactions, stealing customer information to use or sell on the dark web, and spreading ransomware. Fraud remains the industry's number one form of cybercrime. Incidents of off- and online fraud increased by 130% in 2017, and cost banks $11 billion. In the past year, 27% of U.S. adults have been victims of credit card fraud, and 22% closed at least one bank account.
Finance in the Digital Age
Many of these security concerns arise in tandem with shifting digital behavior that favors a direct-to-consumer experience. Last year, 46% of bank customers chose to forgo a physical branch, preferring mobile devices and online applications. Financial institutions have taken note, with 42% of banks predicting "mobile banking to become their main form of customer interaction in the next three years." To improve these mobile services, financial institutions are sinking money into robotic process automation (RPA) and virtual assistants (upwards of $20 billion in 2017).
While these resources will streamline certain processes, they have the potential to introduce new vulnerabilities. The SWIFT Institute reports that "attackers have stepped up large-scale coordinated attacks on financial institutions' core networks, going for a few very large payouts instead of lots of small ones... as IoT botnets and mass distribution of sophisticated crypto-ransomware threaten to take banks offline." With these concerns at the forefront, the U.S. financial sector is predicted to spend $68 billion on cybersecurity through the end of 2020.
Protecting Your Business
iCorps has a long history of exemplary IT service for clients in the financial services industry. We recently won the 2018 Microsoft US Partner Award for Modern Workplace - Security and Compliance. From banks to private equity firms and more, our technological experts can help develop tiered strategies to safeguard your data and transform your IT infrastructure. For more information, contact an iCorps expert today.