Financial institutions are some of the most heavily targeted organizations by cyber criminals, and it’s easy to see why; financial institutions have the most to lose. Reputation is king in financial institutions since they can only function with an underlying consumer trust in the safe handling of their monetary assets, and data breaches typically incur immense reputational harm to the vulnerable organization. This year, we published a piece on the 6 Top Cybersecurity Trends for 2021, and while the financial industry does have unique risks, many of the threat types are shared across organizations of all types. The biggest differentiator is the fact that financial institutions have by far the greater risk when compared with other business types, given the immense financial and reputational harm that would follow a successful attack. Keep that in mind as we go through the biggest cyber threats facing financial institutions.
Insider Threats
Insider threats are a constant weight on the mind of most CISOs, and for good reason. It can be difficult to entrust the keys to your proverbial kingdom to an employee or contractor you may not fully know. According to TechJury, 34% of businesses globally are impacted by insider threats every year. Institutions driven by providing financial services must be particularly vigilant to insider threats, since the incentives for malicious activity may prove more tempting than in other businesses. Detecting possible insider threats by flagging suspicious, troublesome, and risky behavior is only a small part of what it takes to enact a successful insider threat protection program, but it’s the first step in minimizing that risk. It’s also worth remembering that insider threats don’t necessarily have to be malicious, either; data can be permanently lost or publicly exposed by server misconfiguration, use of default passwords, poor data hygiene practices, and more.
Ransomware
With ransomware being a favored extortion tactic by malicious actors in recent years, thorough incident response and data restoration controls are a must, given the immense harm that could be done to a financial institution for a permanent loss of data. Since ransomware has proven to be such an effective (and profitable) tool for cyber criminals to deploy, we predict that ransomware will continue to be a heavy favorite. The best way to protect your data from ransomware attacks are to practice rigorous data backup and retention policies, focusing on maintaining high availability of your infrastructure to be able to continue providing service in the case of an attack.
Phishing and Social Engineering Attacks
In IBM’s 2020 Cost of a Data Breach report, Phishing attacks and social engineering attacks account for 14% and 3% respectively as the root cause of all data breaches. It’s a common refrain that the user is the weakest link in your cybersecurity program, and for good reason. All the security tools, policy documents, and best practice policies aren’t worth anything if a privileged user gets phished the wrong a malicious user gets administrative access to your most prized systems. It’s also extremely difficult to proactively detect these kinds of attacks, since unless the phished user reports to event or if the malicious user trips any suspicious activity monitoring systems in place. The best solution is a preventative one, and it involves a continuous effort to educate employees on the basics of security awareness and anti-phishing best practices and even then, it’s not guaranteed to prevent an attack. Even the most security-conscious users can fall for extremely well disguised social engineering attacks.
Balancing the constant pressure of ever evolving cybersecurity threats and business priorities has been challenging for years, but especially so in the last two years. The most important thing in reducing organizational risk is to focus on improving baseline cybersecurity performance, and to prioritize shoring up any weaknesses to those risks. CnSight looks from within your organization, providing an executive-level cyber risk, effectiveness, and performance management view that works especially well for financial service providers. Our solution uses Cybersecurity Performance Indicators (CPI) to evaluate aspects of your cybersecurity program and their activity to determine which ones are strong or vulnerable. CnSight helps baseline and prioritize what is important to the business, ensuring alignment with organizational goals and risk appetite.