What are the Main Cyber Threats in Financial Services?

Reports say that more than 80% of financial service institutions have reported increasing cyberattacks

The financial sector makes up for 13% of all-time successful cyberattacks and is among the top five most-attacked sectors

What are the most significant cyber security threats to the financial sector institutions and what are the consequences?

Who are the Threat Actors?

Financial institutions are leading targets of cyber attacks. Cybercriminals can profit through theft, fraud and extortion. 

Given the statistics, it may seem that attacks on financial institutions are inevitable. Institutions should focus on “when they are attacked” instead of “if they are a target.” 

Cyber threats to financial services

Cybercriminals, Insiders, And Fraudsters

Motivation: These attackers seek huge financial gains and are motivated by profit. 

Capabilities: These attackers use custom tools and social engineering.

Goals: Financial gains through fraudulent wire transfers, cash, and credential theft.

Cyber threats to financial services

Hackers And

Motivation: Curiosity, attention, vengeance, social justice, and provocation.

Capabilities:  Off-the-shelf tools, basic scripts, or web resources.

Goals: Low-impact damage and disruption of services: data leaks, DDoS, defamation.

Cyber threats to financial services

State-Based Actors And Spies

Motivation: Nationalism, commendation for defense or offense against state adversaries.

Capabilities: Persistent adversaries with resources to try a variety of attack vectors.

Goals: Destruction and damage including as data corruption, espionage, and targeted physical damage.

How Can Financial Services Organizations Mitigate Human Risk?

See our Financial Services page to check security awareness solutions tailored to the industry, as well as the benefits of promoting long-lasting good cybersecurity behaviors that reduce human risk inside your organization.  

Cyber Security Threats in Financial Services

Phishing Attacks

Phishing, emails which appear to be from banks or government agencies, urge the receiver to click on links or attachments that contain malware. These links and malware are designed to give the attacker access to data and systems. The best defense against phishing attacks is education. Employees should learn to recognize and report fraudulent emails. 

Ransomware Attacks

Ransomware, is a cybercrime where files are encrypted, and users are locked out, with criminals demanding money to re-access the system. Often when the ransom is paid, the system is not restored. The best defense against ransomware attacks is regular system backups onto hardware.

Credential Theft

By stealing credentials such as log-in information, user names, and passwords,  criminals can acquire access to a company’s systems or networks and transfer money,  initiate insurance scams, and even disseminate dangerous links among other employees. 

The best defense against credential theft is two-factor authentication and passwords of at least 12 characters with a combination of letters, numbers and symbols.  

Banking Trojans

Banking trojans are malware that once installed on a computer will wait for the victim to log in to an online bank account. Once this occurs, the trojan will capture the user’s password and gain access to the account. 

The best defense in preventing banking trojans is to install malware scanners, antivirus software or web application firewalls. 

Distributed Denial Of Service (DDoS) Attacks

By flooding a service network and its surrounding infrastructure with internet traffic, attackers can take advantage of security vulnerabilities and device weaknesses to control devices and software. 

DDoS-for-hire services have recently made off-the-shelf toolkits available to attackers who would not otherwise have had access to such an attack.