In recent years, there has been a significant uptick in the frequency and sophistication of attacks on the financial and banking industry. The following statistics illustrate the current breadth and depth of cyber attacks by various types of threat actors on financial entities:
This blog explores the rise in cyber attacks on the banking and financial industries, their far-reaching consequences, and what these high-target entities can do to protect against the evolving tactics of threat actors.
In their 2022 Cybersecurity and Financial System Resilience report, the Federal Reserve Board actively notes all potential risks and emerging threats that affect the state of the U.S. economy. At no surprise, cybersecurity concerns topped the list, calling out Ransomware-as-a-Service (RaaS) and sophisticated Distributed Denial of Service (DDoS) attacks as the biggest risks to financial institutions’ ability to operate and safeguard customer data.
An excerpt from the Federal Reserve Board’s report highlights this concern, amplified through the lens of current geopolitics:
The rising number of advanced persistent threats increases the potential for malicious cyber activity within the financial sector. These threats may result in incidents that affect one or more participants in the financial services sector simultaneously and have potentially systemic consequences. Such incidents could affect the ability of targeted firms to provide services and conduct business as usual, presenting a unique challenge to operational resilience. These incidents can also threaten the confidentiality, integrity, and availability of the targeted firm’s data.
Banks and financial institutions can face significant short and long-term financial damages when they experience a cyberattack. These damages can result from a variety of factors, including operational disruptions, reputational harm, legal and regulatory consequences, and increased cybersecurity investments.
A single, successful cyberattack can lead to immediate financial consequences that directly impact a company’s financial performance. Costs are associated with the severity of the attack and the extent of the data exposure, leading to both immediate and long-term repercussions.
Financial entities and banks are mandated to follow applicable compliance frameworks such as PCI-DSS. After a breach, they will be subject to paying fines imposed by regulatory authorities for non-compliance with data protection and cybersecurity regulations. Those that fall victim to a cyberattack face substantial regulatory and legal consequences. Regulatory bodies impose fines and penalties for failing to safeguard customer data, comply with industry-specific cybersecurity standards, and promptly report breaches. These financial repercussions can amount to millions of dollars, severely impacting an institution’s bottom line.
In terms of legal implications, affected parties including customers and partners may initiate lawsuits to claim damages resulting from data breaches. Legal defense costs, settlements, and potential reputational damage from such actions can lead to long-lasting financial strain.
Cyber attacks disrupt services, delay transactions, and lock up day-to-day operations. The more critical the attack is on the systems, the greater the cost to operations. In the immediate aftermath of an attack, resources may need to be redirected towards remediation, taking away from core business activities. Other than direct financial losses, indirect costs while rebuilding systems and restoring data, some additional cybersecurity measures require significant investments, which can put a strain on budgets.
The value of customer trust can’t be measured and a tarnished reputation is one of the most costly consequences of a data breach. The ongoing cost of a data breach is largely reflected in the competitive landscape as the victim organizations see a decrease in their brand value and market share. For publicly traded firms, this cost is mirrored in stock price fluctuations.
As news of a data breach is reported, damage to the victim organization starts to go beyond dollars and cents. The perception of poor security measures can lead clients to doubt the organization’s ability to safeguard their sensitive information, potentially causing customer churn. From a stakeholder’s perspective, negative media coverage amplifies the impact, eroding the organization’s credibility. Extending beyond the immediate aftermath, breaches can massively influence customer decisions, partnership opportunities, and market sentiment.
To better defend the nation’s critical infrastructure from ongoing attacks, the U.S. government has implemented programs such CISA’s Shields Up!, the Office of the National Cyber Director (ONCD), and the Cyber Safety Review Board (CSRB), and most recently, the new U.S. Cyber Trust Mark.
At the enterprise-level, security leaders can use the following checklist to assess their organization’s cybersecurity posture as it stands and improve any identified gaps.
Financial institutions can be susceptible to cyberattacks even with preventative controls in place. To build long-lasting resilience, security leaders are encouraged to design, maintain, and consistently review plans to ensure business continuity in the event that a threat actor succeeds. This includes:
Many organizations adopt an “assume breach” mentality where defenders operate under the assumption that their systems have already been compromised. This is a proactive approach which acknowledges the ever-present risk of cyberattacks and focuses on detecting and mitigating intruders as quickly as possible. By assuming a breach has occurred, defenders strategically deploy continuous monitoring, anomaly detection, and threat hunting techniques to identify malicious activities early on. In essence, “assume breach” empowers defenders to stay one step ahead of adversaries in the dynamic landscape of cybersecurity. Building up the necessary network configurations and system hardening includes the following key aspects:
The increase in phishing attacks and the effectiveness of threat actors in infiltrating login credentials mean that financial institutions must implement the right controls for identity and access management. This includes authentication controls for customers, employees, and any third-party access to sensitive systems. To build up a strong set of identity and access management controls:
As geopolitical and socio-economic sands continue to shift, the targeting of financial institutions and the banking sector by sophisticated and well-funded threat actors continues to be a top concern.
Threat actors continue to refine their techniques and our defense against these attacks needs to evolve in parallel. Enhancing cybersecurity measures, information sharing, and early threat detection are now pivotal to both safeguarding financial systems and mitigating geopolitical tensions.