The Future of Finance Cyber Security in 2020

Cyber attacks seem to grow more sophisticated and menacing with each passing year. No industry understands this better than finance, as their enormous stores of cash and sensitive data make them a prime target for hackers year-round. Let’s look ahead at four trends that are likely to play a role in 2020’s biggest banking hacks and share how we can help harden financial services firm’s security posture to prevent attacks.

Ransomware attacks will evolve

Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for a ransom. As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.

Biometric security leaks and anti-fraud system bypass

A new report from cyber security company Kaspersky states that cybercriminals have created a huge underground market called Genesis, which sells digital fingerprints of online banking users from all over the world. There have also been several biometric database security leaks in the last year, the most notorious of which was the Biostar 2 database, which included the exploitation of biometric data of over 28 million people. With biometric leaks on the rise, this will make it easier for hackers to bypass anti-fraud systems to gain access to online bank records.

Increased third party risks

Banks have not been impervious to the decentralization of IT that has affected most enterprise businesses. As organizations become increasingly reliant on third-party vendors for their day-to-day operations, financial services firms must be continuously monitored for cyber security vulnerabilities. Lack of awareness of how third-party security services operate could cost banks millions in 2020 and beyond. Ensure your cyber team is not only monitoring its own vulnerabilities but that of its outsourced security as well.

Cryptocurrency hacks

Big banks are starting to dip their toes in the crypto waters, with one in five financial firms saying they might start trading cryptocurrencies. However, crypto exchange has had many hacks of its own, including the largest in history, which happened earlier this year. Japanese crypto exchange, Coincheck, was drained of coins worth a total of roughly $534 million. In the first half of 2019 alone, hackers have stolen approximately $4.26 billion worth of crypto currency. It’s possible that the involvement of major financial institutions will shore up the security of the crypto industry — but if the past is any indicator, extreme measures will have to be taken to ensure the security of these digital currencies.

So, how can financial institutions continue to grow and adapt to new technologies while keeping their stores of information and constituent’s wealth safe from adversaries?

Circadence has a solution: our gamified cyber learning platform, Project Ares. Project Ares can be used by everyone at your institution from the Chief Financial Officer to IT teams. With persistent, hands-on learning in a safe, browser-based environment, financial services security teams can stay up to date on the latest threats and feel prepared to keep them at bay. With finance specific missions such as Operation Wounded Bear and Operation Crimson Wolf, your team can practice combatting hackers anytime, anywhere. Don’t let your finance company be the next one making headlines for a data breach, see what Project Ares can do for you.

Photo by Erol Ahmed on Unsplash

Learning from the Top 5 Financial Cybersecurity Incidents

Banks, credit unions, credit card companies, investment firms, and insurance companies are all under cyberattacks—making financial cyber security a hot topic of discussion. For years, the finance industry has been one of the hardest hit with cybercrime according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase from the 38 incidents in 2016, according to Information Age. Financial cyber security regulations are keeping companies in check but the pace at which threats evolve in sophistication requires a persistent approach to stay ahead of hackers.

If you bank online or have an insurance policy, you likely understand the convenience of single keystroke access to financial information. It’s easy, convenient and useful to transfer funds from mobile device to mobile device; electronically sign a form; or get a quote for a mortgage company just by entering in new financial details. Unfortunately, the rapid pace of adoption of new technologies that make these everyday transactions convenient is widening the attack surface for hackers and prompting security professionals to consider even stronger finance cyber security risk management processes.

Financial Cyber Security Incidents

Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cyber security readiness.

Equifax 

The consumer credit reporting agency was breached in 2017, exposing the sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was the failure to keep its computer systems adequately up to date.

Bank of Chile

State-backed hackers infiltrated the Bank of Chile’s ATM system in January 2019 and stole $10 million. The cyber heist was deployed via hackers initiating a virus as a “distraction” then prompting banks to disconnect 9,000 computers to “protect customer accounts.” Meanwhile, hackers sneaked in and used the global SWIFT bank messaging service to deploy fraudulent transactions.

India’s Cosmos Bank

Unauthorized users accessed their system and siphoned nearly $13.5 million through withdrawals across 28 countries. Unidentified hackers created a proxy switch that approved all the fraudulent payments.

Lazarus group

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of a brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cyber security firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.

Bangladesh Bank 

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers.

Learning from Financial Cyber Security Incidents

Outdated systems, employee exploitation, weakened network security, and a poor ratio of defenders to hackers all contribute to the severity of these financial cyber security incidents.

These attacks tell us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates.

Financial cyber security compliance leaders need to empower their teams with the right tools and persistent learning opportunities so they can be prepared for any malware infection or system overwrite that occurs.

The increase in reported attacks reflects a greater need for accountability across all financial institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyberattacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue. Training your cyber workforce proactively using gamified cyber range training to combat the latest threats is the key to sustained success.

For more information on how financial firms can upskill their security workforce
download Project Ares subscription brochure.

Photo by Alexander Mils on Unsplash