The financial services industry is under fire, facing a never-ending barrage of cyber-attacks. Consider the following:
- The financial services industry is the most breached industry, accounting for 35% of data breaches – Verizon 2016 Data Breach Investigations Report (DBIR)
- 68% of financial services firms experienced multiple successful attacks – 2016 Cyberthreat Defense Report
It’s no surprise that cyber criminals target the financial services industry. After all, that’s where the money and data are. Cyber criminals can easily monetize the wealth of data financial institutions collect – either by selling that data on the dark web or using the data to conduct fraud.
Today, financial services firms fight an escalating and asymmetric war against cyber-attacks and internal threats. To effectively prioritize cyber defenses, financial institutions must understand the cyber threats they are up against. Let’s take a look at four cyber security threats financial services firms must address:
- Web application attacks
To meet today’s customer expectations and grow revenue, financial institutions are undergoing a digital transformation. Digital channels like online banking, Internet brokerage and mobile payments not only help win, serve and retain customers, but they also increase the attack surface. In fact, web application attacks were the number one source of data breaches for financial services firms, accounting for 82% of data breaches (source: 2016 Verizon DBIR). Cyber-attackers either exploit a known vulnerability in the web application or use stolen account login credentials to take over a user’s financial account.
The best defense against web application attacks is to invest in a web application firewall (WAF), which can protect against the risks on the industry-recognized Open Web Application Security Project (OWASP) Top 10 list. With 63% of confirmed data breaches involving weak, default or stolen passwords (source: 2016 Verizon DBIR), financial institutions must combine threat intelligence with a WAF to protect against account takeover attacks and stop fraud before it happens.
- Distributed Denial of Service (DDoS) attacks
DDoS attacks are one of the most common attacks launched against financial institutions. According to the 2016 Verizon DBIR, DDoS attacks were the number two security incident for the financial services industry, accounting for 34% of security incidents. (Web application attacks were the number one attack method, accounting for 48% of incidents.) Cyber criminals employ DDoS attacks for extortion, to impede business operations, or as a smokescreen for committing fraud and other more nefarious activities. With today’s connected and always-on economy, DDoS attacks are a huge problem for financial services firms of all sizes. It’s essential for financial services organizations to develop a DDoS response plan to defend against DDoS attacks.
- Data Theft or Breach
Protecting data is a top priority for financial services. And not just because many data protection and data privacy regulations mandate that financial institutions do so. Safeguarding sensitive data that customers have entrusted to a financial institution is just good business. But current data protection mechanisms are failing. Consider the following data points from the Verizon 2016 Data Breach Investigations Report for Financial Services:
- In 86% of cases where data was stolen, financial sector systems were compromised in minutes or less.
- In 69% of cases, financial services victims didn’t discover a security incident for weeks or months.
Cyber criminals use multi-stage attacks to infiltrate and then move laterally until they get what they’re ultimately after – data. As these attackers grow more sophisticated, financial institutions must adopt comprehensive data protection that includes database activity monitoring (DAM) and data masking. DAM solutions provide visibility into who accesses what data, which is a prerequisite for detecting abnormal activity. Data masking solutions reduce the risk of a data breach by replacing sensitive data in non-production environments with realistic, fictional data.
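To make "realistic, fictional data" concrete, here is an added example (not from the original article or any vendor product) that masks card numbers deterministically while keeping their length, separators and Luhn validity. The key, function names and sample rows are assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed key for this example; a real masking job would load it from a
# secrets store and never copy it into the non-production environment.
MASKING_KEY = b"constructed-example-key"

def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn test used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # every second digit, starting next to the check digit, is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    digits = "".join(c for c in number if c.isdigit())
    return luhn_check_digit(digits[:-1]) == digits[-1]

def mask_card_number(pan: str, key: bytes = MASKING_KEY) -> str:
    """Deterministically replace a card number with a fictional, Luhn-valid one.

    Length and separators are kept so downstream validation still passes, and the
    same input always maps to the same output so joins across tables still work.
    """
    digits = "".join(c for c in pan if c.isdigit())
    mac = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    body = str(int(mac, 16))[: len(digits) - 1]
    fake = iter(body + luhn_check_digit(body))
    return "".join(next(fake) if c.isdigit() else c for c in pan)

def mask_rows(rows, field="card_number"):
    """Return copies of the rows with the sensitive field masked."""
    return [{**row, field: mask_card_number(row[field])} for row in rows]

# Constructed production-like rows (4111... is the well-known test card number).
CUSTOMERS = [{"id": 1, "card_number": "4111 1111 1111 1111"}]
PAYMENTS = [{"payment_id": 77, "card_number": "4111 1111 1111 1111"}]

if __name__ == "__main__":
    print(mask_rows(CUSTOMERS), mask_rows(PAYMENTS))
```

Because the mapping is keyed, anyone holding the key can test guesses against masked values, which is why the key stays with the masking job.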
- Insider Threats
Insiders – employees, contractors and partners – pose a significant risk to financial institutions. 97% of U.S. financial services organizations report that they are vulnerable to insider threats (source: 2015 Vormetric Insider Threat Report). These users have legitimate access to systems and data. And they are already inside the secure perimeter.
While some insiders are malicious, insiders are also the targets of cyber criminals. Attackers phish, scam and social engineer end users and privileged users to steal credentials and gain unauthorized access to applications and data. The Imperva Defense Center report on phishing attacks in banking illustrates the effectiveness of these phishing campaigns. Consider the following:
- 30% of phishing messages were opened – up from 23% in 2015
- 12% of targets clicked to open the malicious attachment or link (source: 2016 Verizon DBIR)
To mitigate the risk of malicious, compromised or careless insiders, financial institutions must move beyond traditional endpoint and perimeter security. The key to uncovering insider threats is understanding the context of data access: Who is accessing the data? What data are they accessing? Is this access okay? The ability to discern between normal and anomalous data access behavior requires this knowledge.
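The three questions above can be turned into a simple check over database audit records. The following added example (not from the original article; the record layout, user names, tables and the 10x volume threshold are all constructed assumptions) builds a per-user baseline and flags access that falls outside it.

```python
from collections import defaultdict

# Constructed audit records in the shape (user, table, rows_returned).
BASELINE = [
    ("teller_ana", "accounts", 3),
    ("teller_ana", "accounts", 5),
    ("dba_raj", "schema_migrations", 40),
    ("report_svc", "transactions", 2000),
]
TODAY = [
    ("teller_ana", "accounts", 4),          # normal lookup
    ("teller_ana", "accounts", 900),        # same table, far more rows than usual
    ("dba_raj", "card_numbers", 15000),     # privileged user, table never touched before
    ("contractor_x", "accounts", 10),       # account with no history at all
    ("report_svc", "transactions", 2500),   # within normal range
]

def build_baseline(records):
    """Who accesses what: per user, the tables touched and the largest read seen."""
    profile = defaultdict(dict)
    for user, table, rows in records:
        profile[user][table] = max(profile[user].get(table, 0), rows)
    return profile

def review(records, profile, volume_factor=10):
    """Is this access okay: return (user, table, reason) for anything outside the baseline."""
    findings = []
    for user, table, rows in records:
        known = profile.get(user)
        if known is None:
            findings.append((user, table, "no baseline for user"))
        elif table not in known:
            findings.append((user, table, "new table for user"))
        elif rows > volume_factor * max(known[table], 1):
            findings.append((user, table, "volume above baseline"))
    return findings

if __name__ == "__main__":
    for finding in review(TODAY, build_baseline(BASELINE)):
        print(finding)
```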
The repercussions from a security breach for financial institutions are far reaching. Not only are there financial losses, but reputational damage and lost customer confidence can impact a financial services organization that is not properly equipped to handle today’s cyber threats. Understanding the cyber threats facing the financial services industry is an essential step to prioritizing and implementing mitigation strategies.