The financial services industry continues to remain the most targeted industry. Attackers target financial institutions to steal employee, customer, and business data. During the Covid-19 pandemic attacks targeting the financial sector have grown by 238%, according to VMware Carbon Black threat data. Below are four critical cybersecurity threats for the financial service industry.
Identity Theft
With the advent of Covid-19, employees of financial institutions are forced to adopt work from home policies and thereby increasing attacks targeted to these remote workforces with primary focus to steal credentials identities. Malwares like Cerebrus exploited the panic situations introduced by the pandemic to steal financial information like credit card details. Some of the key areas to reduce risk arising out of successful identity or credential theft attacks will be as below.
- Ensure that all employee systems are running endpoint security applications
- Ensure the systems are running updated patches
- Ensure that all employee systems are monitored for security incidents
- Ensure that Multi Factor Authentication is used for critical accounts
- Ensure that password length and complexity is enforced
- Ensure that Anti phishing and Web filtering solutions are in place and these technologies are monitored for potential breaches.
- Ensure that all employees are trained for cybersecurity best practises
Data Theft
Adoption of cloud has introduced a new attack vector, and this had been exploited for data theft and manipulation.2019 saw the infamous Capitol one breach due to a misconfigured AWS S3 bucket and which affected more than 100 million customers in North America. Some of the best practises for security to be followed to avoid data theft scenarios are as below:
- Ensure a periodic review of access policies and access controls are in place
- Ensure least privilege policies are followed
- Ensure critical data is always protected in transit as well as at rest
- Ensure period compliance and vulnerability scans are run across the systems
- In case of adoption of DevOps methodology, ensure that vulnerability and compliance checking is embedded into the process
- Ensure periodic penetration testing is performed in systems associated with critical data
- Ensure all systems and resources in the data path is monitored for security incidents
- Ensure that a detailed and well tested Incident Response plan is in place
Ransomware
During Covid-19, the cybersecurity risk faced by the financial services sector has grown in significance and a major security concerns is Ransomware. Covid-19 themed messages is gaining increased usage to lure end users to click on attachments related to Ransomware campaigns. business in 2020, the average ransom demand increased by 172% as per report from Palo Alto. Following are the recommended security practices to prevent successful ransomware attacks in your organization:
- Ensure that a well-tested backup policy is in place with three separate versions of data on two different storage types with at least one offsite
- Ensure a robust patch management policy with patching in time of all operating systems and applications
- Ensure that an effective email filtering solution is in place to block malicious executables, spam, phishing emails etc
- Ensure that least privilege policy is followed for access to critical data
- Ensure that employees are trained on security best practises
- Ensure that systems are monitored continuously for security incidents
- Ensure that only authorized applications are run on the systems by employing whitelisting capabilities at endpoints
- Ensure that logical separation of networks is implemented to prevent the spread of ransomware.
Third Party Attacks
A third-party attack or supply chain attack utilizes access to your organization through a third party who has been previously provided with this access. Recent SolarWinds attack has showcased the increasing sophistication and planning behind these attacks. With an increasing number of partners and service providers, this remains one of the more serious threats to a financial institution. Below will be recommendations to ensure that any risks associated with such attacks are addressed proactively
- Know all the third parties which connect to your network
- Ensure that a periodic risk assessment is performed to all the third-party interfaces to your organization
- Ensure that the organizational incident response plans include the third-party details