3 patterns account for 75% of cyber-attacks on financial institutions


As security solutions have become increasingly sophisticated, you might think that the threat of an electronic attack on your business is receding; but you’d be wrong, writes Stephen Keenan. Attackers are just getting smarter. Today’s global economy has streamlined commerce for both enterprises and consumers, and financial systems are now readily accessible worldwide, from anywhere, at any time.

The finance and insurance industries face some unique challenges around data security and information protection. While not immune to routine opportunistic attacks by miscreants who continually scour the web for easy pickings, their status as a high-value target means they attract significantly more directed and tenacious criminal attention.

Analysis of the real-world data breach caseloads in Verizon’s 2014 Data Breach Investigations Report (DBIR) identified that just three threat patterns account for 75% of the security incidents in the financial services industry. These are:

1. Web application (web app) attacks – found in 27% of incidents

   For example, attackers use stolen credentials or exploit vulnerabilities in web applications such as content management systems (CMS) or e-commerce platforms.

2. Denial of service (DoS) – found in 26% of incidents

   DoS attacks use “botnets”, armies of PCs and powerful servers, to overwhelm an organisation’s systems and applications with malicious traffic, causing normal business to grind to a halt.

3. Skimming – found in 22% of incidents

   For example, criminals tamper with a card payment device to install a “skimmer” that automatically captures a customer’s card data; it is usually ATMs that are targeted.

Put simply, improving defences in these three areas could help financial services organisations to substantially lower their risk from cybercrime. It seems simple, and it is – by looking at each attack pattern in detail, financial services organisations can tailor their security strategies to target these specific areas.

When all things are considered, dealing with security incidents may seem like the smallest of concerns when the very existence of financial institutions has been on the line. Yet a successful attack on a financial institution could leave irreparable damage, quantifiable in tangible items such as stolen or misappropriated resources, but also in the more intangible yet hugely significant aspect of brand image and reputation. Can you afford not to be prepared?

Watch out for my next article, which will delve deeper into the attack patterns and provide recommendations as to what those in the financial services sector can do to limit the impact of these specific threats on their organisation.