Why Cyber Attacks on Banks Are The Biggest Security Threats to The Financial Sector

Highlights:

• Banks are 300% more likely to be attacked than the average industry and were the most attacked vertical in 2019
• Cyber attacks on banks have increased dramatically since COVID
• Banks were already not putting in place proper protections
• According to Jamie Dimon of JP Morgan, the biggest threat to the financial industry is the “threat of cybersecurity”
• COVID will make it harder and banks aren’t spending, doing enough
• Follow PWC recommendations by adopting cloud-based security for the top threat resulting in breaches today—emails

More Money, More Problems

Since the beginning of the COVID-19 pandemic, banks have been the recipient of an onslaught of cyber attacks. Many of the attacks are COVID-related in nature. That’s why there’s been a 238% increase in cyberattacks against banks, according to a report. There are many individual instances, but we have highlighted a few key takeaways:

• Two major institutions were leveraged in bank cyber attacks. Wells Fargo was targeted by a phishing attack where a malicious website resembling the bank's site was masked in an innocuous-looking calendar invite. Bank of America was spoofed in an email that looked like a request to update the customer's email address.
• Some 7.5 million users of the fintech app Dave had their data exposed, and that data remains publicly available on a hacking website.

In the wake of the influx in COVID-related hacking, the Office of Compliance Inspections and Examinations (OCIE), a division of the SEC, has, according to a release, “observed an apparent increase in sophistication of ransomware attacks on SEC registrants, which include broker-dealers, investment advisers and investment companies. The perpetrators behind these attacks typically demand compensation (ransom) to maintain the integrity and/or confidentiality of customer data or for the return of control over registrant systems.”

There is an obvious COVID-related spike and it’s unclear if that increase will return to previous levels after the pandemic. Regardless, this is not an out-of-nowhere trend. The financial industry has long been one of the most-targeted sectors for hackers.

Banks are 300% more likely to be attacked than other sectors. Attacks on financial services account for about 19% of all attacks in a given year. Despite this, banks only spend around 10% of their total IT budget on cybersecurity.

“You Can’t Pay Enough Attention”

When customers place their money in a bank, they expect it to be there and their data to be kept confidential. Financial firms have to take decisive cyber action now to plan and protect themselves what seems like inevitable attacks.

In its annual report on issues facing the financial services industry, PWC came to these two conclusions:

• Cyber-security will be one of the top risks facing financial institutions
• “You can’t pay enough attention to cybersecurity”

The overall takeaway: Don’t wait until it’s too late. Not only should companies plan as if they were going to be attacked, but they should also prioritize using the right tools.

In particular, the report recommends adopting cloud-based cybersecurity, saying it the “compelling” choice for financial firms. The report goes on to say:

“Cloud-based cybersecurity can “improve intelligence gathering and threat modeling, block attacks more effectively, help different teams collaborate and learn more effectively, reduce the lag time between detection and mediation and create secure communication channels.”

Advanced cybersecurity tools are needed, ones that not only comply with regulations governing financial institutions, but also are particularly effective at targeting social engineering attacks aimed at web applications.

Don’t take our word for it. Read what Jamie Dimon, JP Morgan’s CEO, wrote in a letter to shareholders:

“The threat of cybersecurity may well be the biggest threat to the U.S. financial system...we spend nearly $600 million a year on these efforts and have more than 3,000 employees deployed to this mission in some way.”

Add Powerful Protection Now—Before It’s Too Late

Cloud-native security for the cloud-based world, with powerful anti-phishing technology, is an essential part of business.

That’s what Avanan provides. Its machine learning algorithms combine with role-based, contextual analysis of previous conversations to identify threats that Google, Microsoft and external mail gateways miss. Deployment-day analysis of one-year’s worth of email conversations builds a trusted reputation network.

A key feature is the ability to protect against internal threats. SEGs like Proofpoint and Mimecast, by nature of their architecture, can’t see, let alone protect, internal email. Protecting against internal threats is critical, because according to a report, 58% of attacks on financial institutions rely on employees gaining access, yet 90% of those have no idea that they’re aiding in that access. Hackers are pitting financial firms against themselves. Firms are blind to this.

Because it deploys inline via API, Avanan is able to scan internal email and use its artificial intelligence and machine learning algorithms, along with its contextual analysis and trusted reputation network to detect when something is off.

Additionally, Avanan’s patented anti-phishing approach is led by our AI that scans over 300—and growing—indications of phishing.

This is on top of our industry-best malware and ransomware protection, by scanning every message, file and application in your entire cloud ecosystem.

Phishing and other cyber attacks will continue to be propagated against financial institutions. But the level of unpreparedness across the industry is troubling. Enabling smart, cost-effective cybersecurity is a fast and reliable way to prevent major issues down the road.