Financial services companies such as banks, credit unions, credit card companies and investment banks are of course entrusted with lots of personally identifiable information (PII) that has historically made the sector a key target for cybercriminals.
Many industries have been making a gradual move to a new digital way of working over the last few years, and the COVID-19 pandemic sped this up dramatically. This has created easier targets for cyberthreats as industries have had to wrestle with remote working practices, digital distribution and expanding security perimeters. Armed with more sophisticated malware made readily available, cybercriminals have simultaneously become more self-assured as they have gone beyond traditional theft and ransoms to leaking sensitive information and committing fraud.
Traditionally, financial service is an industry that invests more into their cybersecurity, but when faced with such a variety of cyber threats it becomes difficult to protect themselves against everything.
This year, the ‘Outsourcing & Third Party Risk’ legislation comes into effect which introduces new risk management guidelines for any third-party outsourcing agreements.
Our client Coeus Consulting wrote an informative piece on their website on whether the financial service companies are prepared for the new regulation.
Equipped with more refined technology, cybercriminals are attacking the financial services with a greater variety of threats, including:
Phishing
This is one of the most effective techniques cybercriminals use to steal personally identifiable information (PII) and credentials.
The attacker will use information they have gathered about a victim through social engineering techniques to try and convince the recipient that the email they have received is legitimate. It is estimated that 91% of successful data breaches began with a phishing attack, and a recent post from our client Menlo Security details how malicious phishing emails have led to an increase in HEAT attacks.
Similarly, Business Email Compromise (BEC) grants the attacker access to a business email account, and in turn, sensitive data. The attacker will also pose as the owner in order to defraud the target company, employees, customers or partners.
Ransomware
Ransomware has increased in popularity and tact over the last couple of years. It is a type of malware that encrypts data and holds them ransom. Attackers will demand victims pay a ransom within a certain timeframe or they will leak the information publicly. Cybercriminals will begin a ransomware attack by gaining access to the victim’s device through a phishing email, making them increasingly targeted attacks.
Credential Theft
An attacker will only need to steal one credential to gain access to a company’s network in order to launch an extensive attack that could involve transferring money or spreading corrupt links to other employees. Credential theft is an issue that affects many modern industries globally with a high cost to the economy.
Point of Sale (POS) Malware
All online purchases are conducted through a POS system. Malware can be used to infect these systems and obtain card data to be used or sold on. This is a very sophisticated attack that can be difficult to resist.
Mobile Apps Malware
Although they advertise an advanced level of security, many banking apps have defects and vulnerabilities that can be exploited to derive sensitive data from. Mobile banking trojans are “one of the most rapidly developing, flexible and dangerous types of malware” with the ability to steal funds from bank accounts.
Cryptojacking
Cryptocurrency has increased in popularity over the past year, and with the market moving millions of pounds each day it makes it the perfect target. An attacker will gain access to a target’s device through a phishing email from which they can generate and transfer cryptocurrency.
At Origin Comms we are a leading cybersecurity and tech PR agency. With a wealth of experience, we support multiple businesses across industries to create and distribute messages at the best time, for the right audience.
Get in touch to find out more about how we can help drive forward your PR roadmap, and boost your brand image across the digitally diverse landscape.