Learn about the impact of cybersecurity in the financial services industry, including regulatory requirements, attack methods, and security best practices.
What is financial cybersecurity?
Cybersecurity in the financial services industry involves applying security measures such as tools, frameworks, architectures, policies, and technologies to protect both information and monetary assets and ensure regulatory compliance.
The Importance of Financial Services Cybersecurity
Cybersecurity is paramount for the banking industry, particularly as more financial institutions embrace digital transformation. Modern banks handle vast amounts of sensitive financial data, making them prime targets for cybercriminals; the number of cybercriminals who target a bank multiplies with the number of banking services that a bank uses. What's more, is that regulatory compliance in the banking sector mandates stringent cybersecurity protocols and non-compliance can result in hefty fines.
Financial Services and Cybersecurity Regulations
Cybersecurity regulations mitigate and protect financial institutions and the financial sector by ensuring the safety, soundness, and resilience of financial systems. This doesn’t preclude the fact that the U.S. financial services regulatory landscape can be complex to navigate. Regulations can cover a variety of oversight areas, including safety and soundness, consumer financial protections, securities and derivatives markets, insurance, housing finance, and financial stability. Regulations and standards can also originate in both traditional financial oversight organizations, such as the Board of Governance of the Federal Reserve System and the Federal Deposit Insurance Corporation (FDIC), as well as other government agencies with cyber oversight, such as the White House and the Federal Communications Commission.
When navigating the financial cybersecurity regulatory environment, it is important to work with a cybersecurity provider that understands the unique financial regulatory landscape and can help businesses operating in the financial services sector ensure compliance with regulations.
Why is cybersecurity important for financial services companies?
U.S. financial services providers hold a vast amount of highly sensitive and personally identifiable information (PII). In addition, the U.S. financial services market is the largest and most liquid in the world. In 2018, the U.S. banking system alone had $17.9 trillion in assets and a net income of $236.8 billion. This large amount of sensitive information coupled with the sizable dollar figures makes businesses operating in this industry an attractive target for cybercrime.
In addition, more individuals and businesses are conducting financial transactions online using internet banking and mobile apps. Financial entities are also outsourcing more services and using more third-party apps and code on their websites. The technological expansion of financial services internet technology not only increases the attack surface area but also introduces new vulnerabilities in financial transactions.
Cyberattacks on the financial services industry are growing exponentially, necessitating robust cybersecurity practices.
What types of threats and attacks are most common in the financial services sector?
Not surprisingly, an organization operating in the financial services industry is subject to all types of cyber threats. However, some threats are more common than others:
- Phishing—Phishing (mass phishing, spearphishing, and whaling) is still a favorite attack tool for cybercriminals against financial services businesses. FINRA regularly issues warnings to members advising of phishing campaigns purporting to come from FINRA. The emails often seek information like usernames and passwords or attempt to install malware by encouraging the recipient to click on a link, attached document, or image.
- Imposter Websites—Cybercriminals often create lookalike websites based on legitimate financial service company websites to try to entice customers to log in, so the criminal can capture usernames, passwords, and sensitive financial account information.
- Malware—Threat actors use malware for a variety of purposes, including accessing sensitive data and networks. Malware can come from a variety of sources, including existing system, software, or application vulnerabilities, as well as email attachments.
- Account Compromise or Takeover—Using information obtained in data breaches, on the dark web, via malware, or through phishing attacks, cybercriminals regularly target financial service industry employees and customers to access login credentials and conduct unauthorized financial transactions in banking or investment accounts, corporate systems, and credit cards.
- Business Email Compromise (BEC) & Fraudulent Wires—Threat actors often use the business email compromise scenario to obtain easy money. BEC works by spoofing the email address of a corporate executive or someone else with the authority to issue funds. An email is then sent from the email address to another employee requesting a wire transfer. Because the email looks legitimate, the recipient may initiate the wire transfer process, ultimately sending money to the criminal. Attacks like this most often happen with firms that do not have safeguards or verification procedures in place for wire requests.
- Ransomware—Ransomware is the scourge of most businesses today, and organizations in financial services are no exception. Ransom requests usually involve the payment of cryptocurrency to decrypt files and systems.
- Distributed Denial-of-Service (“DDoS”) Attacks—Cybercriminals also often resort to DDOS attacks against financial services organizations in exchange for a ransom payment. A recent DDOS attack against a US financial services firm involved a 17.2-million request-per-second attack, involving 20,000 bots in 125 different countries. Fortunately, this attack was mitigated before it caused too much damage, however, many DDOS attacks end up involving costly extortion scenarios.
- Supply Chain and Vendor Breaches—Threat actors love using backdoors and vendors that are connected to financial services companies often offer the break cybercriminals are looking for. By hacking into a third-party system to get into a financial services company, criminals can steal both highly sensitive customer information and money. An excellent example is the SolarWinds breach of early 2021. By compromising a single, widespread vendor, threat actors were able to gain direct access to sensitive systems around the world and pick the most valuable targets from there.
- Magecart and Other Types of E-skimming Attacks—Cybercriminals are notorious for attacking websites owned by financial services companies by targeting unpatched or vulnerable website code, JavaScript, or third-party apps and code used to enhance website functionality. Once they’re in the system, they use malware to steal user information, including credit card data from victims.
Financial Services Cybersecurity Best Practices
Continuous regulatory change can be one of the biggest challenges to achieving and maintaining compliance. Organizations in the financial services sector should always follow these cybersecurity best practices:
- Institute a formal security framework—The most common frameworks in use are NIST’s Cybersecurity Framework and the guidelines provided in the FFIEC Information Technology Examination Handbook.
- Implement robust identity and access management technology and policies: IAM services are as much about the technology as they are about the policies and how they are applied. Organizations need clear and well-developed policies around IAM, including key components such as MFA, roles-based access, and zero trust policies.
- Engage in continuous threat monitoring: Partner with a managed detection and response (MDR) provider to help monitor, detect, and respond to threats to ensure an up-to-date view and management of information security risk.
- Implement a comprehensive vulnerability management system: Be sure to update and patch software and hardware quickly and regularly. Unpatched vulnerabilities are the cybercriminal’s preferred ransomware attack vector.
Other Solutions to Consider
Web Application Firewalls
Web Application Firewalls (WAFs) help banks align with cyber security trends in financial services, especially when it comes to protecting web applications from security threats. Think of WAFs as the shield between your web app and the internet that scrutinizes incoming traffic to cyber attacks. By filtering out harmful traffic and preventing unauthorized data access, WAFs ensure that financial institutions can maintain the integrity and confidentiality of sensitive financial data, a necessity in the face of increasingly sophisticated web-based attacks.
DDoS Protection
The integration of DDoS (Distributed Denial of Service) protection with your WAFs is vital to a comprehensive cybersecurity framework for financial institutions. DDoS protection safeguards your financial institution against overwhelming traffic attacks that aim to disrupt the availability of your services; WAFs defend you from more direct attacks on your web apps. Together, DDoS protection and WAFs form a robust defense mechanism and ensure the availability and security of your services.
Vulnerability Assessment and Penetration Testing (VAPT)
Regular VAPT (Vulnerability Assessment and Penetration Testing) assessments scan for potential weaknesses in your systems, while penetration testing actively simulates cyber attacks to test defenses. This dual approach allows you to proactively discover and rectify security gaps before attackers can exploit them, reinforcing the safeguarding of sensitive financial data and maintaining trust in their digital services. VAPT is essential in preemptively countering cyber threats in the constantly evolving financial cybersecurity landscape.
Cybersecurity Services for the Financial Services Sector
These cybersecurity services can help financial services organizations stay on top of the dynamic regulatory and industry standards:
- Environment review and scope validation
- Gap/readiness assessments to determine areas of deficiency
- Reviews and assessments of IT controls in light of compliance drivers
- Formal compliance assessments and advisory services for a wide range of requirements and frameworks.
Next Steps
The financial services sector is a primary target for a wide range of relentless and sophisticated cyberattacks like phishing, DDOS, and ransomware. It is important to work with a security team that understands both the complexity of the cyber threats and the scope of financial services compliance as it relates to cybersecurity. GuidePoint Security is experienced in offering the best and most comprehensive protection for businesses operating in the financial services sector, and helping those companies manage the complexities of a governance, risk, and compliance program.