Banks have long been one of the prime targets of cyber criminals. However, in the last couple of years the sheer scale of this targeting has seen a major uptick. One study found the number of attacks against financial institutions increased by 238% in 2020, and the number is likely to have risen further since.

So, what has changed and how can banks respond?


A big rise in cyber-attacks against banks

Banks today face a more concerted and determined cyber threat than ever before. Reports show that phishing attacks against banks increased by 22% in 2021 compared with the previous year, while attacks against financial apps rose by 38%. Meanwhile, ransomware attacks have become even more prevalent, jumping by over 1300% in 2021. What might explain this huge increase? Possible reasons include:

  • The pandemic – which criminals exploited in various ways
  • Banks’ ever-increasing reliance on digital tech, which increases their exposure
  • Remote working, which has opened up opportunities for criminals

The cyber threat against banks is enormous, and is clearly not going away. So, what should they be looking out for, and how should they respond?


5 of the biggest cyber security threats against banks

At FITTS, we work with several financial institutions to help them adapt to this changing threat landscape. Here are some of the most common threats we come across:

  1. Ransomware: In a ransomware attack, a criminal gang will use malware to lock companies out of their business systems, then demand an extortionate payment to return access.
  2. Phishing: Phishing is a form of social engineering whereby criminals send genuine-looking emails to unsuspecting employees asking them to download infected files. This then allows the criminals to access your systems. One particularly concerning variant of phishing, known as ‘whaling’, became more prominent during the pandemic. Whaling involves cyber criminals posing as high-powered executives at banks by hacking into their email accounts or using false email addresses. They then tell more junior staff to do things such as releasing funds.
  3. Remote work: With many financial services institutions now allowing employees to work remotely at least a couple of days per week, cybercriminals have a potentially much larger attack surface to probe and find weaknesses in. Any employees with poorly configured home IT networks could offer a back door into your system.
  4. IT weaknesses: Banks are using an ever-growing range of digital technologies, for everything from customer service to voice calls to cloud data storage. Any weaknesses in your suppliers’ IT could potentially allow criminals to enter your systems via the backdoor.
  5. Denial of Service attacks: DoS attacks are a long-established cybercrime method. Criminals send huge numbers of requests to access your website or servers which can force them offline. DoS attacks are nothing new, but criminals now have more computing power than ever to perform them, making them easier and cheaper to do.
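The "false email addresses" form of whaling described in item 2 can be screened for at the mail gateway. The Python below is an added example, not FITTS code or part of the original article; the domain `examplebank.test`, the executive roster, the 0.85 similarity threshold and the flag names are all assumptions made for illustration. It does not cover the other case the article mentions, where the executive's real account has been compromised.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; the article names no domain or roster.
ORG_DOMAIN = "examplebank.test"
EXECUTIVES = {"jane smith", "omar haddad"}


def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def whaling_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(address)
    external = sender_domain != ORG_DOMAIN
    flags = []
    # An executive's display name on an address outside the bank's domain.
    if external and " ".join(display.lower().split()) in EXECUTIVES:
        flags.append("executive-name-external-sender")
    # Nearly, but not exactly, the bank's domain (0.85 is an assumed threshold).
    similarity = difflib.SequenceMatcher(None, sender_domain, ORG_DOMAIN).ratio()
    if external and similarity >= 0.85:
        flags.append("lookalike-sender-domain")
    # Replies routed to a different domain than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append("reply-to-domain-mismatch")
    return flags


# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Jane Smith" <jane.smith@examp1ebank.test>\n'
    "Reply-To: payments@mailbox.test\n"
    "Subject: Urgent transfer\n\nPlease release the funds today.\n"
)
LEGITIMATE = (
    'From: "Jane Smith" <jane.smith@examplebank.test>\n'
    "Subject: Board pack\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    print(whaling_flags(SPOOFED), whaling_flags(LEGITIMATE))
```
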


Staying vigilant against financial services cyber threats

The steep increase in cyber-attacks against the financial services sector in the last couple of years is deeply concerning. There is no single solution to any of these threats, and successfully defending your systems requires a mix of processes, people and protection. Here are some of the most effective methods we are using with our customers.

Getting the basics right

You might be surprised by just how many businesses fail to get cybersecurity fundamentals right. It is absolutely essential to patch any vulnerabilities, update operating systems, and ensure your firewalls are configured correctly.

Staff security training

Human error is by far the biggest cause of cyber security breaches at banks. Staff need training on how to spot phishing emails and on basic security hygiene (such as using complicated passwords), and you also need to develop policies for remote working.

Multi-factor authentication (MFA)

MFA is a way of requiring bank staff to provide at least two types of ‘proof’ that they are who they say they are when logging into your systems. For example, after providing their username and password, they may also receive an e-mail to their work inbox to confirm they are trying to log in.

Zero trust model

The zero trust model is an information management approach whereby data on a bank’s systems is segmented, and people need credentials and permission to view new content or information. It makes it much harder for criminals to ‘move sideways’ inside your IT environments and access more data.

Artificial intelligence monitoring

Tracking suspicious activity in your bank’s systems (e.g., an employee trying to view files they don’t normally look at) can be very challenging. This is where artificial intelligence can help. AI will constantly scan for suspicious behaviour and alert your IT teams to anything that appears unusual.

Backing up

A final method for protecting your business from cyberattacks (and ransomware threats in particular) is to back your systems up – both in the cloud and on-premises. In the event that you do get breached, having your systems backed up regularly allows you to recover quickly.


Don’t fall victim to the bank robbers

Banks have always been a target for cyber criminals – and will continue to be so. Nonetheless, by taking proactive steps to stay ahead of the cyberthreat, you can significantly reduce the risks – and soften the impact if your defences do get breached.

At FITTS, we work with a range of banks, insurers and other FS businesses to protect them against cybercrime. Contact us today to learn how we can help you.