Addressing Cyber Security Threats to the Financial Sector

Overview

As with all cyber threats, the likelihood of a cyber attack on the financial industry is not a case of if but a case of when; as reported by the IMF, the threat posed by ‘a major cyberattack… to financial stability is axiomatic.’ Indeed, in recent years, the financial and banking industry have seen a surge in the frequency and sophistication of cyber attacks. Unsurprisingly, the cost of a breach is extremely high in this sector, the average cost amounting to around £4.86 million.

This report provides an overview of the top cyber threats to the industry and recommendations on how financial institutions can improve their cyber security.

Types of Attack

Overview

In the financial sector, the types of threat remain similar to other industries, although the consequences of a breach differ in that they are more likely to not just impact the targeted organisation, but also impact the wider economy as a whole.

Here are some of the main types of cyber attack that threaten the finance industry:

Phishing Attacks

Phishing attacks are one of the most common types of cyber attack deployed by cyber criminals and they’re becoming increasingly advanced. Spear phishing, a type of phishing attack that involves prior research to create a more targeted and convincing attempt, is also becoming more common.

For example, in 2021, phishing scams targeted around 790 banking customers of OCBC, a Singaporean Bank, which ultimately led to a loss of an estimated $13.7 million.

Fraud & Identity Theft

In relation to phishing, fraud and identity theft are another huge threat to the financial industry. In 2022, the BBC reported that people in the UK lost £1.2bn to fraud. While banks and the finance sector have spent billions on detecting and preventing fraud, the majority of fraud originates outside the banking system, highlighting the need for there to be cross-sector engagement when seeking to prevent this kind of threat.

Ransomware

Ransomware is a type of malware that encrypts or steals an organisation’s data and only offers it in return in exchange for a ransom. In the financial sector, ransomware attacks could cause huge disruptions to organisations and their customers, as well as potentially resulting in reputational damage and regulatory fines. According to SOPHOS, 55% of financial service organisations were impacted by at least one ransomware attack in 2021. Of those impacted, 85% claimed the resulting impact lost the organisation business/revenue.

DDoS Attacks

Distributed Denial of Service attacks are a common threat to the financial sector. Indeed, the finance sector appeared in the top three most targeted industries for DDoS attacks in 2021. These attacks consist of an attacker sending large amounts of traffic to overwhelm the target’s infrastructure, leading either to extreme latency or an inability to carry out usual operations. The financial services sector in the US has been targeted by DDoS attacks for many years, costing tens of millions.

Cryptojacking

The generation of cryptocurrencies such as Bitcoin require huge computational power, which can be expensive. Crypto miners have been known to hack into organisation’s networks and utilise their devices to mine cryptocurrency, utilising anything from mobile phones to network servers. This can lead to latency issues and an increase in energy costs due to the intensive nature of cryptomining. With SonicWall reporting a 269% increase in cryptojacking attacks across the financial sector, it clearly is a significant threat that needs to be addressed.

Threat Actor Profiles

Cyber Criminals

Cyber Criminals are unsurprisingly one of the main culprits when it comes to cyber attacks on the financial sector. The largest motivation for an attack is usually money, which may be achieved through a ransomware attack or phishing. Cyber criminals may be hired by other malicious actors to carry out the attack, such as nation-states.

Nation-States

Nation-States with malicious intent can also be responsible for cyber attacks on financial organisations. Motivations are varied but they usually aim to destabilise the targeted country’s economy. For example, North Korea are thought to be responsible for multiple attacks, including the 2016 Bangladesh cyber-heist, where an attempted $1 billion dollars was attempted to be withdrawn from the central bank of Bangladesh.

Terrorist Groups

Similar to the motivations of nation-states, terrorist groups may launch cyber attacks to destabilise their targets and bring down vital financial infrastructure. While there are currently few significant examples of what can truly be defined as cyberterrorism, the growing sophistication of cyber attacks highlights that this risk should not be ignored.

Costs

A cyber attack can lead to financial loss due to disruptions of usual services. For example, a ransomware attack may lock down an organisation’s data and prevent them from being able to operate, and, therefore, lose business. In addition, ransomware attackers demand a payment or ransom in order to unlock affected systems or to not expose sensitive data, which, again, can cost businesses millions. Fraud can also lead to significant financial loss.

Immediate Impact

The average cost of an attack is 40% higher for financial services compared to other sectors according to a report by Accenture. Here are just some of the costs that feed into the overall impact of a breach.

Regulatory Fines

The Information Commissioner’s Office (ICO) has the power to issue substantial fines to organisations that suffer data breaches as a result of cyber attacks if they are found to have failed in their duty to protect personal data. An ICO fine can have serious financial implications for a business, especially a small or medium-sized enterprise.

For serious breaches within the UK, the ICO have the power to issue fines of up to £17.5 million or 4% of your annual worldwide turnover, depending on which is higher. The ICO focuses the use of its enforcement powers on cases involving recklessness or deliberate harm, their approach will be proportionate on a case by case basis. The ICO considers the amount of time the threat went unnoticed, the measures in place to prevent a breach, as well as the kind of data compromised. The more negligent and damaging these factors are, the heavier the fine. However, the ICO are unlikely to take enforcement action against any organisation genuinely seeking to comply with the provisions of the legislation.

Reputational Damages

The cost of a breach is also often exacerbated by the resulting loss in customer trust in an organisation. If customers feel their sensitive data and, particularly for the finance sector, their money is accessible to cyber criminals, then they are unlikely to wish to use or continue to use that organisation. Indeed, a report found that around 40% of the costs of a cyber incident stem from reputational damage, with Forbes stating a cyber attack can lead to a 7% fall in a company’s share price.

Mitigation: A Preventative Approach

Software Updates

Many breaches are made possible due to existing vulnerabilities within an organisation’s network. Ensuring rigorous standards of keeping all software updated as part of a scheduled patch management process can help fix vulnerabilities before they are exploited by adversaries.

Multifactor Authentication (MFA)

Implementing MFA is strongly advised by cyber security professionals. It provides organisations with extra layers of security rather than simply relying on passwords as a form of authentication. MFA could utilise mobile devices, time-based one-time passwords (TOTP), as well as multiple other kinds of authentication. However, MFA does not offer complete protection, as showcased by the MGM Resorts attack where the cyber attacker was able to get around the MFA measures in place.

Cyber Awareness

1 in 3 cyber attacks occur as a result of phishing. Ultimately all cyber attacks come down to some form of human error and we all have a responsibility to bare when it comes to cyber security. Raising employee awareness on things like how to identify phishing attacks and overall cyber housekeeping can help organisations address these risks.

Identity and Access Management (IAM)

IAM tools are becoming increasingly popular and for good reason. They provide organisations with a centralised platform to implement access controls, helping reduce the risk of a breach. However, if not managed properly, IAM platforms also present a huge cyber security risk if a breach occurs. This is because, once in, cyber attackers can potentially alter access controls

How Telesoft’s Solutions Help Fortify Cyber Security

Overview

Telesoft Technologies are a UK-based cyber security and network monitoring company with 34+ years of experience. Primarily working with governments and tier-one telecommunication organisations, we specialise in producing high-rate, bespoke solutions tailored to every organisation we work with. Backed by our team of talented engineers, who recently enabled us to achieve 400GbE, we have the capability to tailor our solutions to address your organisation’s needs.

TDAC Platform

The TDAC Platform is the complete solution for network monitoring, threat detection, and data retention. Powered by our latest FPGA-enhanced developments, the TDAC Platform consists of our suite of powerful probes and sensors, providing full network visibility at line-rate (L2-L7). Combined with machine learning algorithms and the latest threat intelligence, the TDAC Platform allows cyber analysts to work efficiently and effectively.

Capable of storing petabytes worth of data for 12+ months, the TDAC Platform also provides analysts with the capability to carry out historical analysis across stored data. Performing full line-rate intrusion detection, the TDAC Platform provides users with real-time updates of detected threats via the ‘single pane of glass’ monitoring interface.

UK Managed SOC Service

Our UK Managed SOC Service provides organisations with the reassurance of their network being monitored 24/7 by our expert team of cyber analysts. Utilising the latest threat intelligence and threat hunting capability, our team will monitor your network for suspicious and malicious activity, alerting within as little as 15 minutes depending on severity.

Our analysts will also continuously assess your network for vulnerabilities, offering remediation advice on any threats or vulnerabilities detected to elevate your organisation’s cyber security posture.

Summary

The rise in sophistication and frequency of cyber attacks poses a significant threat to the financial sector. As highlighted in this report, the financial sector is a popular target for cyber attackers and the costs of a breach are more significant than in the majority of other sectors.

While preventative measures such as implementing MFA and raising cyber awareness play an important role in reinforcing cyber security, organisations need to be prepared for the ever-increasing eventuality of a breach.

Telesoft’s range of advanced cyber solutions help organisation’s detect the early signs of a breach and provide remediation advice to stop the threat from escalating. Paired with the preventative approaches suggested in this report, organisations within the financial sector can significantly increase their cyber security posture and mitigate against the risks posed by a cyber attack.