By ECI | Tuesday, January 31, 2023
Cybersecurity threats are ever-evolving, especially within the financial services industry. While no company or sector is safe from cyber threats, finance and alternative investment firms are particularly vulnerable. Because their business is all about money, there are more systems and strategies that malicious actors can target to steal it. Indeed, Verizon’s 2022 Data Breach Investigations Report shows over 95% of cyberattacks against financial and insurance companies are motivated by financial gain.
The report also shows tactics have gotten more sophisticated, with organized crime now responsible for 79% of such breaches (vs. 49% in 2018). It’s therefore no surprise that financial firms are spending the second-most of any industry fighting off cyber threats, with an average cost of $5.72 million per data breach, as organizations ranging from banks and hedge funds to major trusts and currency exchanges mobilize against this perfect storm of highly motivated, highly sophisticated attackers.
ISOLATING THE TOP THREATS
The more companies can learn to navigate an abundance of threats and vulnerabilities and prioritize the top risks, the better they can protect themselves. With that in mind, here are 5 top threats that are especially relevant and worrisome for finance and alternative investment firms.
Ransomware – Financial institutions are a prime target of ransomware for a number of reasons – including the likelihood of available funds to pay a ransom, the value of the data and customer information that’s being held ransom and the sensitivity many financial firms have to reputational damage. In addition, firms in this heavily regulated sector are expected to maintain exemplary data breach resilience, which can be a motivator to quickly end a crisis and move on with fixing the vulnerability that was exploited.
Social engineering – Phishing, spear phishing and other social engineering attacks are everywhere in the sector. Beyond typical phishing attacks – such as scanning LinkedIn for new bank hires and then targeting the junior employee with an urgent request from the “CEO” to buy and send a $500 Amazon gift card – there are more novel threats designed to gain long-term access to critical systems for lateral movement and exfiltration.
Business email compromise – This goes beyond snooping in someone’s inbox for sensitive data or gaining entry for the purposes of social engineering. Malicious actors are increasingly targeting financial firms with advanced business email compromise schemes to make the system literally work for them. For instance, threat actors can gain entry to a procurement manager’s account and then surreptitiously change the Outlook rules – auto-forwarding invoices from legitimate vendors so they can be swapped out with fake invoices from fake domains that look like the real thing, but actually facilitate payment to illicit accounts.
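A defender-side check for the mailbox-rule abuse described above, added here as an example that is not from the original article: it reviews a constructed export of inbox rules and flags those that forward mail outside the firm, especially to a domain resembling a known vendor. The record fields, domains and function names are assumptions made for illustration.

```python
# Added example: field names, domains and sample rules are constructed.
INTERNAL_DOMAINS = {"examplefund.test"}
KNOWN_VENDOR_DOMAINS = {"acme-supplies.test", "northwind-audit.test"}
INVOICE_TERMS = ("invoice", "payment", "remittance", "wire")

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike vendor domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the vendor domain this one imitates (distance 1-2), else None."""
    for vendor in KNOWN_VENDOR_DOMAINS:
        if 0 < edit_distance(domain, vendor) <= 2:
            return vendor
    return None

def review_rule(rule):
    """Return the list of findings for one exported inbox rule."""
    findings = []
    for addr in rule.get("forward_to", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain in INTERNAL_DOMAINS:
            continue  # forwarding inside the firm is not flagged
        findings.append(f"forwards to external address {addr}")
        vendor = lookalike_of(domain)
        if vendor:
            findings.append(f"{domain} resembles vendor domain {vendor}")
    keywords = " ".join(rule.get("subject_contains", [])).lower()
    if findings and any(term in keywords for term in INVOICE_TERMS):
        findings.append("rule targets invoice or payment mail")
    return findings

def review_mailbox(rules):
    """Map rule name -> findings, keeping only rules with findings."""
    return {r["name"]: f for r in rules if (f := review_rule(r))}

# Constructed sample export for one procurement mailbox.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["digest"], "forward_to": []},
    {"name": "Vendor sync", "subject_contains": ["Invoice"],
     "forward_to": ["ap@acme-suppl1es.test"]},
    {"name": "Team copy", "subject_contains": ["Invoice"],
     "forward_to": ["ap-team@examplefund.test"]},
]
```

Running `review_mailbox(SAMPLE_RULES)` flags only the "Vendor sync" rule, since the internal forward and the rule with no forwarding target produce no findings.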
As daunting as the cyber threat landscape described above has become, financial organizations can stand up better defenses with the help of strategic planning models such as the MITRE ATT&CK Framework, which uses a matrix format to categorize certain threats and likely targets.
Another common resource is the Pyramid of Pain, a conceptual model for categorizing threat tactics into six categories depending on how “painful” or disruptive a successful defense against such attacks would be to the perpetrator. The pyramid ranges from low-level indicators of compromise – such as attacks based on hash values and IP addresses that malicious actors constantly change and are like Whack-a-Mole to defend – to higher-level tools, tactics, techniques and procedures that, once understood, severely limit an attacker’s ability to inflict damage.
These are just some of the valuable frameworks to help understand and better protect against the top factors affecting your cybersecurity. But actually putting them to work in the form of robust solutions typically requires the right strategic partnership with an MSP that not only understands the latest threat models and intelligence streams, but also has deep familiarity with a financial firm’s unique business context and cybersecurity pain points. The risks to the organization’s security, operations and reputation are too great to do it alone.