According to a survey carried out by VMware, there was a 238% increase in cyberattacks targeting financial institutions during the first half of 2020. This includes accounting, investment, insurance, and consulting firms.
As you would expect, cyber-criminals target financial institutions because they hold large amounts of sensitive data, which they can either sell or use for their own purposes.
In some cases, adversaries target these institutions in order to disrupt the financial system of a given nation, which is why it is crucial that financial institutions know what threats they face and how to defend against them.
Common Cyber Threats to Financial Services
Below is a round-up of the most common attack vectors used to target the financial services industry.
1. Business Email Compromise
Business email compromise (BEC), also known as CEO fraud, is a type of scam that targets companies that send money via wire transfers. According to the following article, Virtu Financial lost approximately $7 million due to BEC in May 2022. An executive’s email account was hijacked by an adversary who used the account to send fraudulent emails to the company’s accounting department, resulting in two wire transfers to a bank in China. To prevent BEC attacks, employees (including executives) need to be trained to identify suspicious emails, use application-based multi-factor authentication (MFA) and virtual private networks (VPNs), and use encryption to authenticate emails.
2. Ransomware
Ransomware is a form of malware that encrypts the victim’s files, and then requests a payment (usually in Bitcoin) for the decryption key. A small Canadian financial services firm was hit by ransomware in May 2021, according to the following blog post. Since ransomware distributors target unsuspecting employees, it’s very hard to defend against without extensive security awareness training. In addition to training employees to identify suspicious emails, the company must use the best antivirus software, have reliable backups of their data, ensure that patches are installed as soon as they are available, and use a real-time monitoring solution that can detect and respond to anomalous file encryption.
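One way the detection of anomalous file encryption mentioned above can work, shown as an added example that is not part of the original article or any vendor's product: a sliding-window check that flags an account changing an unusual number of distinct files in a short time. The event layout, the 60-second window, the 20-file threshold, and the account names and paths are assumptions made for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # sliding window (assumed value, tune per share)
MAX_FILES = 20                  # distinct files changed per window (assumed)

def detect_mass_modification(events, window=WINDOW, max_files=MAX_FILES):
    """Return {user: time of first alert} for accounts that modify or rename
    more than max_files distinct files inside one sliding window."""
    recent = defaultdict(deque)  # user -> (timestamp, path) inside the window
    alerts = {}
    for ts, user, action, path in sorted(events):
        if action not in ("modify", "rename"):
            continue  # reads alone do not indicate encryption
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        if len({p for _, p in q}) > max_files:
            alerts.setdefault(user, ts)
    return alerts

def sample_events():
    """Constructed file-audit events: (timestamp, user, action, path)."""
    base = datetime(2024, 1, 15, 9, 0, 0)
    events = []
    for i in range(6):   # normal user: one edit every ten minutes
        events.append((base + timedelta(minutes=10 * i), "alice",
                       "modify", f"/share/reports/q{i}.xlsx"))
    for i in range(40):  # backup job: many reads, no writes
        events.append((base + timedelta(seconds=i), "svc-backup",
                       "read", f"/share/ledger/{i}.csv"))
    for i in range(30):  # burst: 30 files rewritten in 30 seconds
        events.append((base + timedelta(hours=1, seconds=i), "bob",
                       "modify", f"/share/ledger/{i}.csv"))
    return events

if __name__ == "__main__":
    for user, ts in detect_mass_modification(sample_events()).items():
        print(f"ALERT {ts.isoformat()} {user}: mass file modification")
```

In practice the threshold needs a baseline per share, since legitimate bulk jobs such as migrations and batch exports also write many files quickly.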
3. State-Sponsored Attacks
Given that banks and other large financial institutions are crucial to the functioning of a nation, they are a prime target for cyber-criminals. Attacks are carried out either by foreign governments or activists. According to an article by Reuters, banks are being increasingly targeted by state-sponsored actors. There isn’t a simple solution when it comes to protecting your company from state-sponsored attacks, as the attackers are usually very sophisticated, and will try a broad range of attack methods.
4. DDoS Attacks
A distributed denial of service (DDoS) attack is a type of cyber-attack where adversaries compromise multiple servers, and then use these compromised servers to flood a target network with traffic in order to cause disruption and even network failure. According to Boston Consulting Group research, financial service firms are up to 300 times more likely to experience a cyber-attack per year compared to companies in other industries. Due to the nature of DDoS attacks, they are very hard to defend against. That said, web application firewalls (WAFs) are able to differentiate between DDoS attacks and legitimate traffic.
5. Application Vulnerabilities
According to an annual security report by Akamai, 94% of observed cyber-attacks in the financial sector were caused by application vulnerabilities. Such vulnerabilities expose financial institutions to SQL Injection (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), and OGNL Java Injection attacks. Application developers must be extra vigilant when developing public-facing websites and applications. All user-supplied input must be properly sanitized before it is used in a database query.
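The sanitization requirement above, illustrated for SQL injection with an added example that is not from the original article: a lookup built by string concatenation beside a version that binds the value as a parameter and checks the sort column against an allow-list. The table, column names, and sample rows are constructed for this sketch.

```python
import sqlite3

ALLOWED_SORT = {"owner", "balance"}  # identifiers cannot be bound as parameters

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 1200), ("bob", 560), ("carol", 90)])
    return db

def lookup_unsafe(db, owner):
    # Vulnerable: the input is concatenated into the SQL text, so quote
    # characters in it change the structure of the query.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, owner, sort_by="owner"):
    # Hardened: the value is bound with a placeholder and never parsed as SQL.
    # The sort column is an identifier, so it is checked against an allow-list.
    if sort_by not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY {sort_by}"
    return db.execute(sql, (owner,)).fetchall()

CRAFTED = "nobody' OR '1'='1"  # constructed input containing SQL syntax

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, CRAFTED))  # every row is returned
    print("safe:  ", lookup_safe(db, CRAFTED))    # no owner has that name
```

The allow-list matters because placeholders only bind values: a column or table name taken from a request has to be validated separately.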
How Lepide Helps Financial Services Companies Keep Data Secure
The Lepide Data Security Platform focuses on combining identity and data security into a single platform. The benefit of this approach is that by using Lepide, businesses can ensure that they have the visibility they need over what’s happening to their Active Directory and their sensitive, unstructured data.
With detailed Active Directory auditing and intelligent threat modeling, Lepide gives businesses the ability to detect and react to external threats, like ransomware, which most often target Active Directory as the primary attack path. Organizations can also spot permissions sprawl, privilege abuse, and other forms of governance issues.
Combine this with the ability to track what users are doing with sensitive data and, with Lepide, you can ensure internal security threats, such as rogue admins, compromised user accounts, and more, are detected and shut down in real time.
Simply put, Lepide gives you visibility over where your sensitive data is, who has access to it, and what users are doing with it, all in one powerful, simple, and scalable solution: the Lepide Data Security Platform.