As Cybercrime against the Financial Sector Jumps by 238%, What Can Banks Do to Address the Risk?

The rise of cybercrime in 2020 was widely reported, but did you realize how much of the threat was targeted at the financial sector? 80% of financial institutions have reported a rise in cyberattacks over the past 12 months, a shocking 13% rise from 2019. In fact, between February and April alone, the spike was 238%. One thing is clear, banks need to take this as a wake-up call.

We’ve outlined five of the key trends that have contributed to this rise in cybercrime. What are the attack patterns to watch, and how can the banking industry increase its intelligence to meet the increased risk landscape for 2021?

Trend #1: The Huge Growth of Fraud and Identity Theft

A 60% rise in fraud was one of the largest contributors to the rise in banking-related cybercrime this year. According to the latest Financial Crime Report, the top issue is card cloning, a growing issue that accelerated by 34% in 2020 alone.

Connected systems make it much easier for attackers to steal physical card details via sophisticated cyberattacks. New attack vectors include Point-of-Sale systems or credit card readers that can provide access to stolen EMV data. This is then utilized to steal financial data or money from customers, but can only be successful when banks fail to verify the CVV. Unfortunately, studies have shown this security gap may apply to more than 1/3 of banks.

It’s also worth noting that the cost of each fraudulent transaction has jumped as well, since COVID-19. Each attempted instance of fraud was 5.5% higher in value than the data reported in 2019. Banks need to recognize that attackers are getting more aggressive in their tactics, and believe they are able to fly underneath the radar of bank staff, who fail to recognize their illegal activities.

Trend #2: The Shift to Online Spending and Communications – at Speed

The pandemic forced shopping online in greater numbers than ever before, and as a result, banking employees need to review transactions through a different lens. Director of the Merchant Risk Council, Markus Bergthaler warns that “Recent figures suggest that over 80 percent of credit cards currently in people’s wallets have already been compromised.” What may have seemed suspicious this time last year may simply be a lock-down impulse buy this year, and employees need in-depth training to spot the difference.

Another relevant trend is an increase in activity from High-risk Merchant Category code industries. These are industries that are included among the highest-risk for fraud and disputes and include Transport, Telecoms, File Sharing, and Cloud. Now consider the growth in communications and transactions in these areas in 2020, and it isn’t hard to see why cybercrime rose alongside. From customers receiving refunds on canceled holidays, to organizations accelerating cloud roadmaps overnight, bank employees would benefit from specialist training and support to handle the increased risk of the exponential growth in traffic to these sectors.

Trend #3: Increased Complexity in Banking Infrastructure

In 2019, over 70% of financial companies suffered a cybersecurity attack, more than any year previously. A quick look at what today’s banks are dealing with, uncovers:

Outdated legacy systems: The cost and the risks associated with maintaining legacy infrastructure is huge, and yet most banks can’t phase this reliance out of existence. Critical data and applications are often housed in legacy systems, leaving bank employees forced to handle inefficient and outdated processes as part of their day-to-day work.

Hybrid deployments: As banks attempt to modernize and embrace digital transformation, cloud deployments are becoming more common, including cloud-native and serverless infrastructure. As Legacy cannot be removed entirely, this leaves banks with a hybrid reality, one of the hardest to visualize, and therefore, to protect.

Shared infrastructure: From shared cloud services to physical relationships with FinTechs who may utilize financial and regulatory infrastructure, attackers are utilizing supply chains and partner relationships to gain footholds into financial networks

When attackers plan a campaign against any organization, they thrive on complexity, knowing that the more complex a network – the less visibility the security teams and bank employees will have.

Trend #4: Securing Remote Work in the Post-COVID World

The operational challenges that banks are dealing with in 2021 cannot be understated. KPMG predicts that the Banking sector is changed for good, with offshore service center closures causing a necessary rise in automation, and work from home being extended in many cases for the long-term. The financial giant comments that “investing in the right support and training for staff in a challenging era will be key.”

The challenges that arise from working from home are varied and include securing BYOD policies, the realities of insecure home networks that are shared with multiple members of a household, and old or poorly configured equipment, from laptops and PCs to routers. These are challenges for more than just employees that work in HQ. In the US alone, teller transactions reduced 40% in 2020, and the year was expected to see more than 20,000 bank closures altogether.

Banks need to focus their attention on incident response techniques and employee education playbooks for at-home scenarios, or risk vulnerabilities that are invisible until it’s too late.

Trend #5: The Transformation to Digital Banking

Of course, it’s not only employees moving to virtual. This shift goes hand in hand with consumer behavior. Even pre-pandemic, bank branches were closing at a rate of 3 per day, as millennials pushed this traditional industry into the digital era. In fact, 27% of millennials have never even been to a physical bank.

Securing the expansion of digital banking means being aware of a wide and ever-changing range of security and privacy concerns, including:

  • Digital identify theft and fraud
  • Sophisticated phishing scams
  • Malware and ransomware
  • Credential leaks
  • Privilege escalation
  • Compliance regulations

Only Security Awareness in the Banking Sector Can Manage All of These Threats and More

It is no wonder that 87% of banking industry leaders say that their concerns about cybersecurity have risen over the past year. To effectively address this fear, banks and financial institutions need more than any single technology. They need to arm their employees with an engaging, ongoing security awareness program that is always up to date.

Author:
Omer Taran
January 14 2021
4a34e52d-562b-4e1e-8b71-5c005a7559a9