Top Cybersecurity Threats in the Banking and Finance Sector

In today’s economy, people are becoming more reliant on mobile banking and online transactions for buying goods and services. In 2021, the Federal Deposit Insurance Corporation (FDIC) concluded that 96% of American households had bank accounts, equating to at least one household member having either a checking or savings account. Safeguarding a user’s assets is the primary goal of cybersecurity in banking, and because financial institutions are the organizations most targeted by cyberattacks, they must make cybersecurity a high priority.

In 2022, more than 60% of global financial institutions with a minimum of $5 billion in assets were hit by cyberattacks. Data breaches alone can cost American financial organizations an average of $5.97 million per breach, according to the 2022 IBM Cost of a Data Breach Report. The finance industry has the second-highest average cost per breach, after health care, and a few highly prevalent threats continue to push the stakes higher. If you work in banking and finance, take note of the top threats you may face today.

Ransomware Attacks in Banking and Finance

Ransomware is a method of cybercrime that hackers use to infiltrate and encrypt essential data to lock users out of their accounts until a payment is made. Ransomware attackers will use several extortion tactics to pressure victims into paying a ransom; however, paying the ransom is not always guaranteed to restore your system’s access. In 2021, 90% of banking and finance institutions experienced a ransomware attack, and another 90% were explicitly targeted for ransomware in 2018.

One instance of an attack happened in August 2021 when the AvosLocker ransomware group infiltrated the Pacific City Bank (PCB) in California. The bank revealed the attackers stole sensitive customer information, such as addresses, Social Security numbers, loan documents and tax forms, and encrypted and locked the bank’s computer systems. PCB notified its customers of the breach immediately and offered one year of free credit monitoring and identity theft protection to its impacted customers.

Phishing Scams in Banking and Finance

Phishing attacks involve disguised emails with fraudulent yet convincing links and attachments to trick users into giving away personal information. Attackers contact users through email, text messages, or calls and may claim to work at a banking institution as a reason to request personal data or PIN information. In the first half of 2021, phishing attacks in the banking and finance industry rose by nearly 22%. Last year, phishing attacks targeting banking applications increased by about 38%. Employees and customers are both at risk of phishing attacks, and both need to be on the lookout for phishing that asks for login credentials or access to customer information.

Hybrid Work Issues in Banking and Finance

After the COVID-19 pandemic, some financial institutions remained on a fully remote or hybrid working schedule out of preference. Staff members would log in at irregular times from coffee shops, libraries or other places that lacked the protection of professional cybersecurity defenses. As a result, employees working through vulnerable personal devices or connecting to unsecured or under-secured networks exposed company servers to potential hacker threats.

Employees using their personal or business devices may unintentionally risk your institution’s data by connecting to fake Wi-Fi accounts or leaving computers unattended. Since employers have less control and visibility when employees work remotely, protection is limited, and there’s a higher chance that an employee may fall prey to an attack.

Knowing how to detect and respond to these cyber attacks is critical in planning response procedures and implementing adequate controls. The banking and finance industry should use cybersecurity awareness training programs to educate in-person and remote employees about these risks and about how to maintain secure hardware threat detection systems to minimize cyber attacks. Regular communication should also go out to customers, informing them of what to look for from hackers who might try to get personal information to access their login credentials.

At Computer Solutions, we can help your banking and finance institution install secure devices, implement a disaster recovery plan or provide ongoing management and threat detection services. Our team of cybersecurity experts offers comprehensive security solutions and risk-based security assessments that can protect your institution’s systems and users’ critical data. Learn how to minimize data breaches at your financial institution and contact us today to find out more or get started.