We don’t see threat actors as a group deciding to stop attacking the financial services sector. A win is too profitable, and the mere presence of threat signals can serve geopolitical goals. In other words, the financial sector will remain a key focus for cyberattacks and cyber fraud. Some threat actors unleash cyberattacks in pursuit of financial gain through malicious or nefarious means; others seek to destabilize a country’s financial system.
Our outlook for the financial sector is as follows.
Protect your data—someone else wants it
Financial services organizations hold valuable data on individuals, businesses, and government agencies. This is not going to change. Compromising such data enables threat actors to collect intelligence for direct attacks against victims or to use up-to-date data to attempt various types of financial and lending fraud against banks and insurance companies through identity manipulation.
For example, the use of stolen or falsified personal and business identities when applying for a loan—along with the increased use of mobile lending apps—is driving higher rates of lending fraud. LexisNexis found that smaller banks and credit unions (with under $10 billion in assets) along with digital lenders suffered losses of 6.9% of revenue in 2021 due to lending fraud, and larger banks with more than $10 billion in assets faced losses of 5.9% of 2021 revenue. Fraudsters are using stolen personal and financial data to apply for lending that results in funds being stolen from banks and credit unions.
Protect your financial resources—other people want to steal them
Financial services organizations are the mechanism by which financial resources are stored, transferred, and protected. This is not going to change, although newer forms of currency will be added to the mix. Threat actors will remain perpetually interested in gaining access to funds that do not belong to them. Phishing and business email compromise attacks will continue, along with threat actors impersonating and masquerading as trusted financial services firms to bypass security protections and consumer awareness to steal funds.
Internal threats remain too. When employees in trusted positions act with malicious intent within a bank or credit union, they cause financial damage at minimum and business closure at worst. This happened recently at a small credit union in the United States, where the CEO opened multiple unauthorized credit cards in her name and kept raising the credit limit. She alone had access to the credit card database and manipulated the interest rates and monthly payments in her favor. The $2.1 million she charged to the cards resulted in the closure of the credit union. She was one of only three employees at the credit union, the board trusted her entirely, and there were no checks and balances to ensure her actions were appropriate. The CEO was sentenced to more than four years in federal prison, followed by three years of supervised release including one year of home detention. Protecting against internal threats requires the design of strong organizational processes with appropriate checks and balances—even for employees in extremely high trust roles.
Protect the availability and integrity of your systems—other people want to undermine them
Financial systems, networks, and interconnections facilitate the economic activities of individuals, organizations, and nations. Crippling or degrading the performance of these systems is of interest to nation-state actors seeking to inflict economic pain and retaliatory pressure on other nations. For example, the Reserve Bank of Australia takes the view that a successful cyberattack against a significant financial institution in Australia is just a matter of time. There is so much threat activity happening that it is all but inevitable.
The potential of threats against financial institutions to undermine or destabilize a country was writ large from the early stages of the Russian war on Ukraine. Several financial sanctions were put in place against Russia, such as removing its access to the SWIFT financial network. Fear of retaliatory attacks by Russia against financial sector organizations across the world greatly increased, with federal and national agencies warning banks, credit unions, and organizations across other sectors to be in a state of heightened readiness to counter cyberattacks (e.g., CISA in the United States and the European Central Bank for European banks).
Cyber Insurance Is Less of an Answer Going Forward
Finally, cyber insurance is getting more difficult and costly to secure, with insurers ramping up premiums for much less coverage. The growth in successful cyberattacks—particularly ransomware—has had a dramatic negative effect on the profitability of underwriters, and hence they are rebalancing their risk calculations. Firms in all sectors, including financial services, will need to ensure they have the right technology solutions in place to counteract threats that insurance coverage was previously used for.
If It's Not Cyber Insurance, Then What?
The sharp uptick in cyberattacks and threat actor activity against financial institutions is starting to affect how customers value trust in their banks. However, with cyber insurance becoming more costly, the only way to receive proper insurance claims for a cyberattack is to implement the best solutions to prevent the risk in the first place. That is where multi-factor authentication comes into play: a strong security control that mitigates the damage and reduces the chance for threat actors to compromise your customers' data.
Implementing multi-factor authentication will allow you to get the high premiums of cyber insurance while reducing the risk of being a cyberattack victim yourself.