Banks have long been one of the prime targets of cyber criminals. However, in the last couple of years the sheer scale of this targeting has seen a major uptick. One study found the number of attacks against financial institutions increased by 238% in 2020, and the number is likely to have risen further since.
So, what has changed and how can banks respond?
A big rise in cyber-attacks against banks
Banks today face a more concerted and determined cyber threat than ever before. Reports show that phishing attacks against banks increased by 22% in 2021 compared with the previous year, while attacks against financial apps rose by 38%. Meanwhile, ransomware attacks have become even more prevalent, jumping by over 1300% in 2021. What might explain this huge increase? Possible reasons include:
- The pandemic – which criminals exploited in various ways
- Banks’ ever-increasing reliance on digital tech, which increases their exposure
- Remote working, which has opened up opportunities for criminals
The cyber threat against banks is enormous, and is clearly not going away. So, what should they be looking out for, and how should they respond?
5 of the biggest cyber security threats against banks
At FITTS, we work with several financial institutions to help them adapt to this changing threat landscape. Here are some of the most common threats we come across:
- Ransomware: In a ransomware attack, a criminal gang will use malware to lock companies out of their business systems, then demand an extortionate payment to return access.
- Phishing: Phishing is a form of social engineering whereby criminals send genuine-looking emails to unsuspecting employees asking them to download infected files. This then allows the criminals to access your systems. One particularly concerning variant of phishing, known as ‘whaling’, became more prominent during the pandemic. Whaling involves cyber criminals posing as high-powered executives at banks by hacking into their email accounts or using false email addresses. They then tell more junior staff to do things such as releasing funds.
- Remote work: With many financial services institutions now allowing employees to work remotely at least a couple of days per week, cybercriminals have a potentially much larger attack surface to probe and find weaknesses in. Any employees with poorly configured home IT networks could offer a back door into your system.
- IT weaknesses: Banks are using an ever-growing range of digital technologies, for everything from customer service to voice calls to cloud data storage. Any weaknesses in your suppliers’ IT could potentially allow criminals to enter your systems via the back door.
- Denial of Service attacks: DoS attacks are a long-established cybercrime method. Criminals send huge numbers of requests to access your website or servers which can force them offline. DoS attacks are nothing new, but criminals now have more computing power than ever to perform them, making them easier and cheaper to do.
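The whaling variant described in the phishing item above, where a false email address carries an executive's name, leaves traces in the message headers. The following is an added example, not code from FITTS: the domain `examplebank.test`, the executive names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the bank's mail domain and its executives.
CORPORATE_DOMAIN = "examplebank.test"
EXECUTIVES = {"jane smith", "omar khan"}

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def whaling_indicators(raw_message):
    """Return a list of reasons why a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []
    # An executive's name on an address outside the bank's own domain.
    if " ".join(name.lower().split()) in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies silently diverted to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """From: "Jane Smith" <jane.smith@examp1ebank.test>
Reply-To: jane.smith@mailbox.test
To: payments@examplebank.test
Subject: Urgent transfer

Please release the funds today.
"""

GENUINE = """From: "Jane Smith" <jane.smith@examplebank.test>
To: payments@examplebank.test
Subject: Board pack

Attached as discussed.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, whaling_indicators(raw))
```

A header check like this only covers the false-address case; a message sent from an executive's genuinely compromised account passes it, which is why payment requests also need an out-of-band confirmation step.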
Staying vigilant against financial services cyber threats
The steep increase in cyber-attacks against the financial services sector in the last couple of years is deeply concerning. There is no single solution to any of these threats, and successfully defending your systems requires a mix of processes, people and protection. Here are some of the most effective methods we are using with our customers.
Getting the basics right
You might be surprised by just how many businesses fail to get cybersecurity fundamentals right. It is absolutely essential to patch any vulnerabilities, update operating systems, and ensure your firewalls are configured correctly.
Staff security training
Human error is by far the biggest cause of cyber security breaches at banks. Staff need training on how to spot phishing emails and on basic security hygiene (such as using complicated passwords), and you also need to develop policies for remote working.
Multi-factor authentication (MFA)
MFA is a way of requiring bank staff to provide at least two types of ‘proof’ that they are who they say they are when logging into your systems. For example, after providing their username and password, they may also receive an e-mail to their work inbox to confirm they are trying to log in.
Zero trust model
The zero trust model is an information management approach whereby data on a bank’s systems is segmented, and people need credentials and permission to view new content or information. It makes it much harder for criminals to ‘move sideways’ inside your IT environments and access more data.
Artificial intelligence monitoring
Tracking suspicious activity in your bank’s systems (e.g., an employee trying to view files they don’t normally look at) can be very challenging. And this is where artificial intelligence can help. AI will constantly scan for suspicious behaviour and alert your IT teams to anything that appears unusual.
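The kind of check such monitoring performs can be shown with a plain frequency baseline. This is an added example, not FITTS code and not a machine-learning model: the users, departments and file shares are constructed, and the rule (alert only when nobody in the employee's department has used the share before) is an assumption chosen to keep the alert volume low.

```python
from collections import Counter, defaultdict

# Constructed access-log records: (user, department, file share).
HISTORY = [
    ("alice", "payments", "/payments/batches"),
    ("alice", "payments", "/payments/batches"),
    ("alice", "payments", "/payments/reconciliation"),
    ("bob", "payments", "/payments/batches"),
    ("bob", "payments", "/payments/swift-templates"),
    ("carol", "hr", "/hr/contracts"),
    ("carol", "hr", "/hr/payroll"),
]

def build_baseline(history):
    """Count which shares each user and each department normally touch."""
    per_user, per_dept = defaultdict(Counter), defaultdict(Counter)
    for user, dept, share in history:
        per_user[user][share] += 1
        per_dept[dept][share] += 1
    return per_user, per_dept

def classify(event, per_user, per_dept):
    """Return 'normal', 'new-for-user' or 'new-for-department' for one access."""
    user, dept, share = event
    if per_user[user][share]:
        return "normal"
    if per_dept[dept][share]:
        return "new-for-user"        # colleagues use it: log, low priority
    return "new-for-department"      # nobody in the team uses it: alert

def alerts(events, history):
    """Return the events that fall outside the department's baseline."""
    per_user, per_dept = build_baseline(history)
    return [e for e in events
            if classify(e, per_user, per_dept) == "new-for-department"]

if __name__ == "__main__":
    today = [
        ("alice", "payments", "/payments/batches"),
        ("alice", "payments", "/payments/swift-templates"),
        ("alice", "payments", "/hr/payroll"),
    ]
    print(alerts(today, HISTORY))
```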
Backing up
A final method for protecting your business from cyberattacks (and ransomware threats in particular) is to back your systems up – both in the cloud and on-premises. In the event that you do get breached, having your systems backed up regularly allows you to recover quickly.
Don’t fall victim to the bank robbers
Banks have always been a target for cyber criminals – and will continue to be so. Nonetheless, by taking proactive steps to stay ahead of the cyberthreat, you can significantly reduce the risks – and soften the impact if your defences do get breached.
At FITTS, we work with a range of banks, insurers and other FS businesses to protect them against cybercrime. Contact us today to learn how we can help you.
James Haworth