The financial services industry has long been a prime target for cyber criminals chasing big payoffs. However, the work the sector has put into standards and controls is beginning to deliver results.

For the first time in five years, financial services – including banks, payments providers, financial markets and insurance – is no longer the most attacked sector in IBM’s recent X-Force Threat Intelligence Index. Manufacturing has taken over the lead, with 23.3% of attacks in 2021. Corey Hamilton, financial services security expert at IBM, attributes manufacturing’s prominence to the fact that vulnerability exploitation, or “known exploits in the wild that had not been patched”, was the largest initial attack vector.

In addition, Mr Hamilton believes that the high security standards, controls and regulations put in place in the financial services sector are beginning to yield concrete results. “The industry is doing security right,” he says.

He also points to the expansion of new technology, particularly cloud computing. The ability to do security by design up front within the infrastructure, as opposed to taking a ‘Frankenstein approach’ to creating a security programme on legacy infrastructure, is creating a more secure environment.

“When organisations move to the cloud, they’ve got the backing of the largest technology and security organisations, with [hundreds of cyber] threat hunters, analysts, global security operations centres that are working 24 by seven. So, leveraging the cloud and pulling in best practices is something that you’re not going to get in a legacy infrastructure,” says Mr Hamilton.

However, this should not lull the financial services industry into a false sense of security; it is still the second most attacked sector, with 22.4% of attacks. Of these, 70% were on banks, 16% were on insurance organisations and 14% were on other financial organisations, according to the report.

Phishing continues to be the most common pathway for initial attacks, comprising 46% of incidents, followed by vulnerability exploitation at 31%. Password spraying (an attack that attempts to access a large number of accounts with a few commonly used passwords), brute force and VPN access were also observed attack vectors against finance and insurance firms.

The most attacked geography in 2021 was Asia, comprising 34% of all attacks on the industry, followed by the Middle East and Africa, which was disproportionately large at 29%. Europe saw a moderately small share of the attacks (19%), followed by North and Latin America at 9% each.

Many Asian countries are ahead of the curve in digital transformation, which could account for the higher level of attacks, according to Mr Hamilton. For example, China and Singapore are advanced economies in terms of leveraging mobile technology and digital payments. “When you’ve got everything online, the likelihood that attacks could occur goes up,” he says.

Mr Hamilton emphasises that financial services is critical infrastructure and the sector remains a target for bad actors, whether criminals or nation-state agents. He points to the current conflict between Russia and Ukraine. “We are seeing instances where financial services organisations within Ukraine and eastern Europe are starting to be disrupted with distributed denial-of-service attacks, as well as the implementation of various malware,” he says. “Some of the attack methods that we highlight in the report are being played out today in the national space.”

To keep ahead of the cyber threats, he recommends improving information-sharing across the industry, adopting least-privilege principles for identity and access management, increasing customer education efforts, and leveraging new technology such as cloud and artificial intelligence. “People are always the weakest link, so we should look to automate every process possible, which also allows the limited number of staff to focus on those tough problems that machines can’t do,” he adds.

Joy Macknight is editor of The Banker. Follow her on Twitter @joymacknight
