Financial Sector Under Threat: How Leaders can Prepare for Advanced Cyber Threats in 2022

Source: Finance Derivative

Bernard Montel, EMEA Technical Director and Cybersecurity Strategist,Tenable   

Data is essential in today’s world. Because of this, businesses of all types and sizes are facing one of the most serious continuity and reputational threats of our time: cyberattacks. Cybercriminals capitalise on data, and the more private and/or personal, the more interest cyber criminals will show. This makes financial services a prime target for attackers given the type of information utilised. Cyberattacks go beyond data as, if the attack implicates the digital infrastructure the bank relies upon to function, it can cause system outages which has a direct impact to the entire economy.

According to research by Tenable at least 40,417,167,937 records were exposed worldwide in 2021, but that’s just an indication of the true number. According to the researchers, just 13% of breach disclosures analysed included information on the number of records exposed, meaning this figure will be significantly higher. As the world of work continues to transform, and hybrid working becomes crucial for business growth, leaders must begin to think seriously about security.

The Threat of Ransomware

Ransomware has had a monumental impact on organisations in 2021, responsible for approximately 38% of all breaches analysed for the Threat Landscape Retrospective report, and up to 45% in EMEA. With the rise of ransomware globally, every organisation has been feeling the pressure; but only a few have felt the pain as much as financial institutions and financial service providers.

The most popular way attackers infect organisations is through spam and phishing emails. Others, however, may contain a link to a webpage controlled by the attackers. The goal is to get the target to open the attachment and trick the victim into enabling macros or clicking the link. This can deliver a malicious downloader, leading to the final payload, which is ransomware. Due to the nature of financial institutions as places where individuals and institutions place their money and trust, the severity and potential consequences of a successful ransomware attack can be widespread and long lasting.

Basic security principles can go a long way in blocking the attack path ransomware takes. In the majority of instances, it is a known vulnerability that allows the malware to infiltrate the infrastructure and encrypt systems. Another attack path is the exploitation of misconfigurations in Active Directory. Threat actors will use these to elevate privileges to dig deeper into the network.

The New Normal

During the pandemic, millions of financial services employees, from traders to bankers, transitioned to working remotely. A recent study conducted by Forrester revealed that 78 percent of businesses have reported that some of their staff are still working from home. Stepping into the New Year, businesses must be aware that the digitalisation of financial services and remote working are here to stay. In fact, financial institutions have the highest chance of maintaining remote and hybrid work models, since three-quarters of their employees’ time can be used productively out of the office.

In their shift to remote working, organisations have been migrating their operations to cloud, often without enough thought given to the security implications of this shift. As businesses continue to implement remote working policies, they are simultaneously adopting cloud infrastructure and bringing in more third-party service providers. Business leaders supporting a remote workforce must be conscious of how these changes influence their security posture.

Successfully Connecting Cybersecurity and Financial Institutions

The World Economic Forum’s Global Risk Report 2022 has ranked cybersecurity as the number one risk in Great Britain and Ireland, meaning cyber risk will remain dominant amongst the areas of emergent threats in the New Year.

Attacks in the financial services industry are not a new concept and, in recent years, banks and institutions have become much more sophisticated and regulated. However, it is essential to secure external vendors and potential points of weakness, particularly through implementing audited industry best practises.

Security teams need to adopt solutions that provide appropriate visibility, security and control across the cloud and converged infrastructure. Identify the critical systems organisations rely on to function, identify any vulnerabilities that affect these systems, then take steps to either patch or remediate the risk. Also address excessive permissions in Active Directory that allow attackers to elevate privileges to further infiltrate the infrastructure.

As businesses start to truly understand their expanded attack surface, ensuring that they hold the same level of control and governance over the cloud as they would do for on-premises security is essential. In the post-COVID world, which is increasingly interconnected and digitalised, failing to do the basics means the business is vulnerable and disruption imminent whoever is attacking.