
2nd November 2021

Finance sector facing cyber attacks

The finance sector is increasingly at risk of being targeted by cyber criminals and hackers.

The 2021 Cybersecurity Census Report shows that, on average, finance companies each suffered approximately 60 cyber attacks over the past year. Cyber criminals typically target the finance sector because of the vast amount of sensitive data that finance companies hold.

Many of these attacks occur due to weaknesses in cyber security, for example employees reusing an existing password at work, or using login credentials such as ‘password’ that are easy to guess and hack. Others are due to system vulnerabilities or a lack of knowledge of how to spot cyber attacks.

Some of the most common cyber attacks are:

  • Bots – automated programmes that can attack either directly through web requests to manipulate or disrupt a website, or indirectly, for instance through spam emails or by cracking passwords.
  • Ransomware – a type of malware that encrypts files and operating systems and can lock you out of your device. Until a ‘ransom’ is paid, the attacker keeps a hold over the system.
  • Web application attacks – web applications are easily accessible to hackers, who might trick users into clicking malicious links or install redirects.
  • Phishing – when users are targeted by email, telephone or text message and lured into providing sensitive data.

Financial institutions are also commonly being impersonated by cyber criminals who are tricking customers into transferring their funds into fake holding accounts. For instance, Monzo and Santander have received multiple fraud complaints due to criminals using phishing techniques on customers, baiting them with a text message and then holding long phone calls during which they convince victims to transfer all of their money into a ‘safe account’.

Combatting the risk of cyber attacks in the finance sector

In order to combat these cyber security risks, financial institutions must firstly ensure staff are trained to recognise attack attempts and know how to keep systems secure. Policies covering the locations and devices that staff can log in from, as well as their level of access, can also minimise the risk of attack.

Investing in software such as anti-phishing web browsing software can also help prevent phishing emails from reaching employees’ inboxes. IT teams can put email and link filtering in place, making use of blacklists to block malicious content.

Conducting cyber security risk assessments is important for identifying threats as well as technology and software updates. Holding an audit or having an external professional scrutinise the cyber security of the institution can also provide an objective, thorough view that helps to identify blind spots and improve systems. Businesses should be thorough in making sure basic cyber security protections are put in place to protect data in the finance sector from cyber attacks.

“One of the main cyber risks for the finance sector is to think that cyber risks don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business whatever sector, and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.”

Larger financial institutions should go beyond installing basic systems. Antivirus software, secure VPNs and systems such as Avast can all provide an extra layer of cyber security. Financial institutions must prioritise building a defence against advanced attacks and cyber security threats to the financial sector, so that these can be identified at an early stage.

Mitigation and prevention, as well as dealing with live attacks, are paramount within the finance sector. If an institution is armed with fraud prevention technologies, cyber criminals are more likely to be deterred from attacking. Therefore, installing security software that enables live detection alongside defensive walls against cyber threats is extremely important in ensuring that the internal and client-based information of the institution is protected.

If you require advice on cyber security systems or would like to know more about cyber threats to the financial sector, contact Cyber Risk & Security Consultant Graeme McGowan at graeme.mcgowan@esarisk.com, +44 (0)343 515 8686 or via our contact form.
