Six ways financial institutions can guard against the latest cyberattacks

Cyberattacks have risen dramatically year-over-year since 2020, aided largely by artificial intelligence and focused largely on financial institutions, which reported the second highest number of data breaches of any sector globally. Hardest hit were the US, Argentina, Brazil and China. We expect to see the highest increase ever once all the data for 2024 is analyzed. Internet of Things (IoT) cyberattacks alone are expected to double by 2025.

The leading cyber threats to FIs

1. Phishing

Almost half of phishing attacks worldwide target financial institutions. In just the first six months of 2021, phishing attacks in the financial sector increased by 22% over the same period in 2020. Phishing attacks play on people’s anxieties by aligning with global disasters like the COVID-19 pandemic and increasing immigration. Phishing attacks on FIs are getting more sophisticated and so are harder to spot. Examples include:

-  Fake banking websites. FIs should warn their customers never to click on a link in an email—they should always type the bank’s name into the browser or use a bookmark they themselves have saved.

Reminding your customers never to click on links in emails can help protect them (and your FI) from phishing losses.

- Mobile banking trojans, malware designed to collect online banking credentials and other sensitive information from infected devices. Once an attacker has this data, they can use it for various types of fraud.

- Business email compromise (BEC) fraud, where real email accounts are compromised to request urgent wire transfers or sensitive information—sometimes in reply to a genuine email thread. FIs can fight this with strict controls that prevent accidental approval of fake invoices, payments and wire transfers.

2. Ransomware‍

A 2023 survey showed that the rate of ransomware attacks in financial services rose to 55% in 2022 and to 64% in 2023—almost double the 34% reported in 2021.

In a ransomware attack, cybercriminals lock victims out of their computers by encrypting them with malware, essentially holding them hostage until a ransom is paid. With ransomware attacks now evolving into data breach territory, a successful attack could have wider implications on regulatory compliance standards. The FBI strongly discourages FIs from paying ransoms. More than half of FIs follow this guidance, containing their overall damage costs, even if the seized data is ultimately compromised.

The FBI strongly recommends against paying ransomware demands. More than half of FIs follow this guidance, containing their overall damage costs.

The most effective solution against ransomware for FIs is strengthening data encryption.

3. Vector attacks (SQL injections, Cross-Site Scripting, Local File Inclusion and OGNL Java Injections) ‍

An attack vector, or threat vector, is a way for attackers to enter a network or system. An effective information security strategy is to close off attack vectors whenever possible. Common vector attacks include:

- Social engineering attacks, in which victims are manipulated into handing over sensitive information that can be used for malicious purposes

- Credential theft, or stealing someone’s proof of identity

- Vulnerability exploits, which are pieces of code designed to find and take advantage of security flaws and, in some cases, install malware. To fight exploits, FIs should keep their systems and software up to date, use a firewall and intrusion detection software, use robust security solutions and education your employees about security.

- Insider threats, or risks from an employee. When someone is suddenly working extra hours, accessing different files, downloading large amounts of files and using storage devices, you may be facing this.

Related: The evolving security landscape of ATMs

4. DDoS attacks

In distributed denial-of-service (DDoS) attacks, a server is overwhelmed with fake connection requests, forcing it offline. This is often used against FIs because there are so many ways in: customer accounts, payment portals, IT infrastructures and more. DDoS attacks through payment processes and in combination with ransoming are rising.

FIs can protect against DDoS attacks by conducting frequent risk assessments, penetration tests and DoS simulations to uncover and address such vulnerabilities.

5. Supply chain attacks

Supply chain attacks are targeted through third-party vendors with weaker security protocols than yours. It comes down to this: if your vendors’ security protocols aren’t as strict as yours, your FI is vulnerable through them.

To defend against supply chain attacks, FIs should implement a zero trust architecture with secure privileged access management policies.

6. Bank drops

Cybercriminals are increasingly storing stolen funds in fake bank accounts (also called “bank drops”) using stolen customer credentials—driver’s licenses, dates of birth, social security numbers, etc. They often source this data via the dark web.

To avoid the financial and legal repercussions of bank drops, FIs should maintain high levels of scrutiny of new customer credentials.

Are you taking these steps to reduce your risks of cybercrime?

Here are four recommendations for protecting your FI:

•  Leverage the cloud

Cloud data storage and processing capabilities can provide a competitive edge in scalability, flexibility and cost-effectiveness. But is the public, private or hybrid cloud environment you choose as secure as you need it to be? Your cloud security strategy should include comprehensive data inscription to protect data at every juncture, plus stringent identity/access control systems and zero-trust security models.

• Up your ransomware preparedness

Ransomware attacks are adapting to stay ahead of FIs security efforts, and FIs need to up their game to win the war. This means multi-layered defense strategies with advanced intelligence systems, regular security audits and proactive threat identification tactics.

• Tighten loopholes in vendor security

Every vendor relationship introduces a potential avenue for cybersecurity risk. FIs should extend their vendor risk management systems beyond initial security assessments; they should include continuous monitoring through regular security audits. The most successful vendor risk systems thoroughly incorporate vendor security into an overall plan.

• Upgrade compliance systems and training

Staying abreast of regional, national and international regulations is complex and challenging, but it is essential to stem cybercrime. This means staffing a dedicated compliance team to keep up with evolving requirements or outsourcing to a virtual compliance service. It also calls for consistent training and awareness programs for all employees.