Lessons Learned: Cybercrime Incidences in the Financial Services Industry We Can Learn From

  • May 30, 2018

The financial services industry was the hardest hit with cybercrime in 2013 according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase on the 38 incidents in 2016 and 24 in 2015, according to Information Age 

While each industry has their own set of pain points and challenges, there are common approaches they all use in efforts to solve them: they’re each looking at ways to automate and connect with their customers through digital technologies to provide better service, better products, and better experiences to the end-user. Unfortunately, the adoption of new technologies across industries is widening the attack surface for hackers—and the financial services industry is no stranger to this cyber shift.  

Financial firms are more advanced than ever before, allowing customers to bank online, on any device, anywhere, at any time. While convenient for consumers, financial firms have increased their attack surfaces as a result, and that convenience is coming at a cost for firms—both monetarily and reputationally. Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cybersecurity readiness.


The consumer credit reporting agency was breached in 2017, exposing sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was failure to keep its computer systems adequately up to date.  

Lazarus group 

 Figure 1https://www.csoonline.com/article/3187548/security/kaspersky-lab-reveals-direct-link-between-banking-heist-hackers-and-north-korea.html 

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cybersecurity firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.  

Bangladesh Bank  

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers. 

What can we learn?  

Let’s quickly recap the vulnerabilities in each incident: 1) outdated system, 2) employee exploitation, 3) poor ratio of defenders to hackers.  

This tells us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates. To ensure employees at all organizational levels don’t fall victim to a scam, a cyber team lead can create a “data privacy first” culture complete with regular employee scam testing scenarios. Finally, to ensure the right ratio of defenders to hackers, firms need to fill the cybersecurity skills gap to ensure enough people have the right competencies necessary to face new and evolving threats.

The increase in reported attacks reflects a greater need for accountability across all enterprises and institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyber attacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue (there aren’t enough qualified cyber professionals out there). TRAINING your cyber workforce proactively using active-learning and gamified systems to combat the latest threats is the key to sustained success.