The finance sector is increasingly at risk of being targeted by cyber criminals and hackers.
The 2021 Cybersecurity Census Report shows that, on average, finance companies each suffered approximately 60 cyber attacks over the past year. Cyber criminals typically target the finance sector because of the vast amount of sensitive data that these companies hold.
Many of these attacks occur due to weaknesses in cyber security, for example employees reusing an existing password at work, or using login credentials such as ‘password’ that are easy to guess and hack. Others are due to system vulnerabilities or a lack of knowledge of how to spot cyber attacks.
Financial institutions are also commonly being impersonated by cyber criminals who are tricking customers into transferring their funds into fake holding accounts. For instance, Monzo and Santander have received multiple fraud complaints due to criminals using phishing techniques on customers, baiting them with a text message and then holding long phone calls during which they convince victims to transfer all of their money into a ‘safe account’.
In order to combat these cyber security risks, financial institutions must first ensure staff are trained to recognise attack attempts and know how to keep systems secure. Policies governing the locations and devices that staff can log in from, as well as their level of access, can also minimise the risk of attack.
Investing in software such as anti-phishing web browsing software can also help prevent phishing emails from reaching employees’ inboxes. IT teams can put email and link filtering in place, making use of blacklists to block malicious content.
Conducting cyber security risk assessments is important for identifying threats and necessary technology and software updates. Holding an audit or having an external professional scrutinise the cyber security of the institution can also provide an objective, thorough viewpoint for noticing blind spots and improving systems. Businesses should be thorough in making sure basic cyber security protections are put in place to protect data in the finance sector from cyber attacks.
“One of the main cyber risks for the finance sector is to think that cyber risks don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business whatever sector, and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.”
Larger financial institutions should go beyond installing basic systems. Antivirus software and secure VPN systems, such as Avast, can all provide an extra layer of cyber security. Financial institutions must prioritise building a defence against advanced attacks and cyber security threats to the financial sector, so that these can be identified at an early stage.
Mitigation and prevention, as well as dealing with live attacks, are paramount within the finance sector. If an institution is armed with fraud prevention technologies, cyber criminals are more likely to be deterred from attacking. Therefore, installing security software that enables live detection alongside defensive walls against cyber threats is extremely important in ensuring that the internal and client-based information of the institution is protected.
If you require advice on cyber security systems or would like to know more about cyber threats to the financial sector, contact Cyber Risk & Security Consultant Graeme McGowan at graeme.mcgowan@esarisk.com, +44 (0)343 515 8686 or via our contact form.