Cyber-attacks in the financial sector are a growing global threat. For more than a decade, LookingGlass has been monitoring and identifying cyberthreats. We have recorded an increasing number and severity of cyber-attacks against the financial services sector. Because of the data involved in financial transactions, breaches in this sector can be particularly problematic.
What kind of financial services companies are most targeted by cyber threat actors?
While generally thought of as a highly sophisticated sector that adopts and deploys innovative technologies to serve their customers, the reality is that the financial services sector is composed of more than the major brand name banks. Also included in the industry are credit unions, payment processors, and investment advisors, and financial brokers.
Cyber-attacks hit financial services firms 300 times more than other companies. Financial institutions have troves of sensitive data that can be sold easily on the dark web, making financial companies prime targets for malicious cyber-attacks. In fact, cyber-attacks against the financial sector increased 238% globally from the beginning of February 2020 to the end of April 2020.
Current Cyber Threat Landscape for Financial Service Companies
The pandemic changed everything. Remote working increased, which opened the door to additional vulnerabilities introduced on home and personal networks. In addition, the financial industry relies heavily on third-party vendors and supply chain partners, as well as a cybersecurity talent and cyber education shortage that’s impacting all industries.
Transition and disruption are common themes that threat actors take advantage of – they shifted their techniques to target employees through pandemic-themed phishing and social engineering campaigns and capitalized on the stress and anxiety of the pandemic situation.
The top three reasons cybercriminals are motivated are financial gain, espionage, and ideological reasons. Hacktivist groups pose a serious security risk to the financial services sector’s ability to give attackers peak exposure while causing massive disruption in operations. From 2012 to 2013, the financial sector experienced what some believe as the longest cyber-attack in history, with hacktivists taking down U.S. Bank, PNC Bank, Wells Fargo, Bank of America, and Chase for the sole purpose of disrupting online financial services.
For more details, download our Financial Services Threat Brief. It provides an overview of threats LookingGlass has observed over the past year from our external attack surface management solution and from open-source research and intelligence analysis used to support our customers.
Financial services organizations can use this information to better understand adversary/actor profiles, motivations/objectives, and the types of threats and tactics used by adversaries targeting the sector. Download the report here.