According to a recent report from IBM X-Force Research, the financial services industry was attacked far more than any other industry last year.
Financial institutions faced 29 percent more attacks in 2016 than in 2015, according to the report, and the average financial services organization experienced 65 percent more cyber attacks than the average organization across all industries.
The total number of financial services records breached last year surged by 937 percent to more than 200 million.
“Cybercriminals have always gone where there is money to be made,” IBM X-Force Threat Research practice lead Nick Bradley said in a statement. “While financial services has been a highly targeted industry by cybercriminals, in previous years, their main focus shifted to other more lucrative industries like healthcare or retail. However, in 2016 we saw a significant resurgence to financial services as criminals decided to go directly to the source money.”
The majority (58 percent) of attacks on the financial services industry were insider attacks, while outsider attacks accounted for 42 percent — though 53 percent of insider attacks were inadvertent, according to the report.
Investing in Security
Nick Bilogorskiy, senior director of threat operations at Cyphort, told eSecurity Planet by email that banks are aware of these threats, and are spending heavily on countermeasures. “It’s said that J.P. Morgan alone spent $500 million on security last year, and that was double from 2015,” he said. “Collectively J.P. Morgan, Bank of America, Citibank and Wells Fargo spent $1.5 billion to battle cybercrime.”
“Our banks and financial institutions are all interconnected today, which creates major risks, and international groups of criminals in various countries are monetizing these risks,” Bilogorskiy added. “For example, last year hackers stole $81 million from Bangladesh Central Bank via SWIFT using Odinaff malware on a long weekend.”
The vast majority of these breaches, Bilogorskiy noted, are enabled via spear phishing attacks. “An employee of a bank gets an email with an MS Office document which has a macro that downloads Odinaff malware,” he said. “Attackers then try to achieve lateral spread, using tools already on the computer — Windows components like PowerShell or WMI or PsExec.”
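The parent/child process relationship in the chain Bilogorskiy describes (an Office document launching PowerShell, WMI or PsExec) is what a defender can alert on. As an added illustration, not code from the IBM report or from Cyphort, the block below runs a simple rule over constructed Sysmon-style process-creation records and flags an Office application spawning one of those tools, plus PsExec invoked against a remote host; the record layout, paths and hostnames are all assumed.

```python
import re

# Constructed process-creation records (not real telemetry), one per line:
# ParentImage|Image|CommandLine
SAMPLE_EVENTS = [
    r"C:\Program Files\Microsoft Office\WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -nop -w hidden -enc AAAA",
    r"C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\WINWORD.EXE|WINWORD.EXE /n invoice.docm",
    r"C:\Program Files\Microsoft Office\EXCEL.EXE|C:\Windows\System32\wbem\WMIC.exe|wmic process call create calc.exe",
    r"C:\Windows\System32\cmd.exe|C:\Tools\PsExec.exe|PsExec.exe \\fileserver01 -s cmd.exe",
    r"C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell Get-Process",
]

# Office binaries that normally never launch administrative tooling
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Built-in or admin tools the quoted attack chain uses for lateral spread
LATERAL_TOOLS = {"powershell.exe", "wmic.exe", "psexec.exe", "psexec64.exe", "cmd.exe"}


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line):
    parent, image, cmdline = line.split("|", 2)
    return {"parent": basename(parent), "image": basename(image), "cmdline": cmdline}


def classify(event):
    """Return an alert label for one process-creation event, or None if benign."""
    if event["parent"] in OFFICE_APPS and event["image"] in LATERAL_TOOLS:
        return "office-spawned-admin-tool"
    # PsExec given a \\host target is remote execution, a lateral-movement signal
    if event["image"].startswith("psexec") and re.search(r"\\\\[\w.-]+", event["cmdline"]):
        return "psexec-remote-execution"
    return None


def scan(lines):
    """Apply both rules to every record; returns (label, parent, child) per alert."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        label = classify(ev)
        if label:
            alerts.append((label, ev["parent"], ev["image"]))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Word opened from Explorer and PowerShell run interactively from Explorer are left alone; only the Office-to-tool hops and the remote PsExec call are reported.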
And Cyphort Labs senior director Mounir Hahad added that larger institutions aren’t necessarily more attractive to cybercriminals. “Even smaller regional banks and investment firms are regular targets,” he said. “Cybercriminals are aware that well established financial institutions have a very good security posture and therefore rely less on malware to breach their networks and more on stolen credentials.”
IBM recommends that financial institutions take the following steps to protect against attacks:
- Conduct employee awareness training — continuously train and test employees to teach them how to identify suspicious emails to avoid falling victim to phishing scams.
- Reduce exposure to insider threats — combine data security and identity and access management solutions to protect sensitive data and govern the access of all legitimate users.
- Apply a cognitive approach — augment a security analyst’s ability to identify and understand sophisticated threats by tapping into unlimited amounts of unstructured data from blogs, websites, research papers and the like, and correlating it with relevant security incidents.
- Develop and implement an incident response plan — identify the data necessary to respond to an attack, understand how to mitigate an attacker’s access.