A proactive two-step remedy for financial services cyber threats

All the stats and trends point to a sobering truth: Because they hold a treasure trove of data assets, financial services firms are a priority target for cybercriminals. And aside from their valuable data, financial entities must meet the growing demand for an engaging online customer experience—something that may further expose IT vulnerabilities to hackers.

While their objectives can vary, cybercriminals often target banking institutions hoping to steal personal information (e.g., Social Security numbers) and access financial services such as credit cards. Unfortunately, savvy hackers can find any number of ins to a banking customer’s private profile.

Let’s take a closer look at how financial services cybercrime can happen, what the consequences can be, and how a proactive two-step approach can make a vital difference for financial services IT security in the cloud era.

Phishing and ransomware

Phishing, a method of tricking users into divulging login credentials for access to an internal network, is a common tactic for hackers targeting financial services. According to the Anti-Phishing Working Group (APWG), financial services was the industry in which the most phishing attacks took place in Q1 of 2021.

The most typical form is email phishing, where phoney messages are sent to users with infected links that could initiate malware or load a counterfeit web page that harvests login credentials. Phishing victims are also frequently pressured to process financial transactions, seemingly at the request of senior company representatives.

These scam emails can be especially convincing when they’re presented with a sense of urgency or take the form of reply messages to an existing email thread—a tactic known as thread hijacking.

Malware can also take the form of ransomware, another critical breach risk for financial services. During a ransomware attack, cybercriminals lock victims out of their computers or entire systems until a ransom is paid.

Hackers use multiple extortion methods to pressure victims into paying the ransom, including the threat of making public any sensitive stolen data or selling it on criminal forums. These tactics are unfortunately very effective against financial institutions because they must abide by industry regulations that demand high levels of data breach resilience.

Across industries, a significant spike in ransomware attacks was observed in 2020 and the trend continued to climb in 2021. The New York-based Atlas VPN service provider observed a 151% increase in ransomware attacks in the first half of 2021 compared to 2020.

DDoS and SaaS attacks

The financial sector is also a frequent target of Distributed Denial-of-Service (DDoS) attacks, where the organization’s server is overwhelmed with fake connection requests, forcing it offline. DDoS attacks can be quite effective against financial services because their “attack surface”—their extended IT infrastructure—reaches far beyond the bank’s own IT to customer accounts, payment portals, etc.

Once systems are crippled, cybercriminals can leverage the resulting chaos by launching additional attack campaigns while security teams are distracted, or by offering to stop the DDoS attack if a ransom is paid. The latter strategy can succeed given the strict service-level agreements (SLAs) that financial institutions often follow.

Between 2019 and 2020, the financial services industry experienced a 30% increase in DDoS attacks, a spike that coincided with the beginning of the pandemic.

When third-party vendors and software as a service (SaaS) applications lack strong cyber security measures, the partner financial institution could be the one that suffers.

Payment processing services, for instance, aren’t always categorized as financial institutions but in the eyes of cybercriminals, their proximity to private banking data makes them prime targets.

What are the consequences?

Even a single successful cyberattack can carry immediate financial consequences that will directly impact an institution’s bottom line. Ransomware payments can reach into the millions of dollars, while business email compromise and data theft can be just as costly.

Then there’s share price. In the aftermath of an attack in 2019, Capital One Financial’s share price dropped by 5.9%.

Overall, IBM has estimated the average total cost of a cyber attack at $4.24 million. This figure includes a wide range of legal, regulatory, and other expenses that can arise long after the incident has been resolved.

Business disruption and lost productivity can be included in those after-the-fact costs that are difficult to quantify. Once hackers access an IT environment, they can shut down business-critical infrastructure. In 2020, a DDoS attack brought the New Zealand Stock Exchange to a standstill for three days, halting all trading for the duration.

Of course, financial services cybercrime victims can also run afoul of industry regulators, who are trying hard to ensure that organizations with confidential data or personally identifiable information (PII) take strong measures to secure it.

Long term, one of the most costly impacts of all may be damage to reputation, which can complicate efforts to attract new business and retain existing clients. Partners, customers, and even credit rating agencies are looking closely at cyber incident responses in the financial sector as part of overall risk-management analysis.

The two-step approach for financial services

Amid all the worrying trends, the good news is that significantly improving IT security for financial services firms can be as simple as implementing a two-step methodology of deeper insight and application of best practices for security posture in the cloud era.

Despite their ingenuity, cyber attackers often reuse successful attack sequences to exploit common security vulnerabilities across financial entities. While we can never fully eliminate the potential for human error, the following two-step proactive approach can effectively address most of the exposures that lead to data breaches in financial services. 

Step one: Obtain a clear view of the entire SaaS infrastructure—and shed light on high-risk Shadow IT.

A third-party risk management program such as Augmentt Engage will help identify security vulnerabilities for all third-party cloud services to help prevent supply chain attacks. This is critical in a time when companies across sectors are using up to 15x more cloud services to store sensitive company data than CIOs and executives are aware of or had authorized.

Using an advanced agent, Augmentt Discover quickly identifies every software-as-a-service (SaaS) application used across an organization, regardless of where people work, which devices they use, and how they run applications.

Next, Augmentt Discover deploys a library of 22,000+ applications to classify risk and assess organizational productivity. This analysis can automatically categorize SaaS by job function and risk, then instantly classify apps according to their security, financial or productivity level of risk.

Importantly, Augmentt Discover is a multi-tenant solution that was designed with collaboration in mind, allowing financial institutions to access and view their own SaaS usage across the organization. The resulting insight means that security partners can confidently recommend and act on sound strategies that improve SaaS security and productivity.

Step two: Protect your Microsoft 365 environment and most important cloud applications by auditing and monitoring security policy enrollment to significantly reduce the risk of a security breach.

Microsoft Office 365 has millions of fraudulent sign-in attempts happening each day. A state-of-the-art platform such as Augmentt Secure reveals strategies for industry-best security posture by identifying blind spots and reducing the overall risk of threats through MFA and policy enrollment monitoring.

Augmentt Secure lets you put all of the improvements into sharp focus with custom reporting that tracks security score improvements and shows the value of the security service delivered.

Other features such as global MFA visibility protect end-users by identifying and closing security policy gaps. By enabling IT teams to audit security posture and analyze security policy configuration, Secure lets financial institutions reduce risk and improve posture scores over time, all monitored in customer-facing QBR reports.

IT security specialists who work with a platform provider like Augmentt can leverage advanced solutions developed specifically for cloud-era cyber security. For financial services firms with complicated IT environments, Augmentt enables critical and next-level SaaS management and optimization across an entire ecosystem, something that is vital to enhanced cyber security in the modern business world.

Learn more about your own two-step security plan

Reach out today to begin a conversation about how we can custom-design the security roadmap your organization needs to mitigate the surge of data breaches and related threats in the financial services industry.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.