A recent IBM Security study stated that businesses in the financial sector were attacked 65% more than businesses in other sectors in 2016, and over 200 million total records were stolen, an increase of 937% over 2015. In the last two years, the industry saw a variety of attacks on institutions big and small, and these numbers will only continue to increase as hacking technology gets more sophisticated and hackers go directly to the source, your customers’ money.
In 2015, bot attacks rose significantly, resulting in a 40% increase in attacks, and were responsible for 45 million attacks in the last three months of the year. These attacks have the potential to disrupt services, take information without authorization and affect business operations. In the worst-case scenario, they can completely shut down large banks, casting a cloud of instability and undermining confidence in national and global financial arenas.
Last year was a rather troubling year for cyberattacks within the financial industry. However, by studying these high-profile attacks, financial institutions can gain some understanding of how attackers approach financial firms, and ultimately better mitigate risks. Here are two high-profile attacks that provide valuable lessons that any financial company should take note of:
- SWIFT and the Central Bank of Bangladesh Heist
The attackers made off with $81 million when they hacked into the Central Bank of Bangladesh and gained access to its Society for Worldwide Interbank Financial Telecommunication (SWIFT) account. The hackers used SWIFT data to send fraudulent money transfer requests to the Federal Reserve Bank of New York to transfer funds to other banks throughout the world. Thankfully, a spelling mistake on the transfer instructions prevented it from becoming a nearly $1 billion heist, but this attack still proved that cyberattacks can compromise an entire global trading network.
- The HSBC Attack Showcases the Dangers of DDoS Attacks
One of the UK’s largest financial institutions, HSBC, was the victim of an attack that took its systems down for several hours. While HSBC is financially stable enough to have survived this type of disruption to its business, smaller institutions may not be able to overcome a DDoS attack, which can cost a business up to $250,000 per hour.
It’s clear that more needs to be done to address the vulnerabilities that financial institutions face with cyber threats. Knowing how hackers get into your institution in the first place is a good starting point.
According to the 2016 Enterprise Phishing Susceptibility and Resiliency Report, 91% of cyberattacks start with a phishing email. Unfortunately, there’s no one technique that will work in every situation, but a simple step anyone can take is to check the integrity of any embedded URLs by hovering the mouse over the URL. If the hyperlinked address is different from the address that is displayed, the message is likely to be fraudulent. Even if an email is from a trusted source, it’s better to err on the side of caution. If something doesn’t look right, it’s best not to open the email or click on any links. For financial institutions, it’s imperative that you focus on protecting your infrastructure and educating employees about potential scams. Fostering cyber awareness in employees can lower phishing attacks exponentially. Here are some steps your financial institution can take to proactively mitigate risks:
- Minimize insider threats with access control
Tightly controlling who has access to sensitive information and technology greatly reduces insider threats from both malicious and unknowing actors.
- Offer employee training to recognize threats
To minimize threats, train your employees how to recognize a phishing email or a questionable website, especially your new employees. Periodic refreshers should also be mandatory.
- Develop, implement, and practice an incident response plan
It’s a lot of work to develop a plan for an incident response, but it’s definitely better than scrambling when the inevitable happens. Don’t forget to do regular drills either.
- Protect employees from fraud
It’s in your institution’s best interest to protect your employees from fraud. Proactively mitigating the risk by offering identity and digital protection can also protect your employees’ information from a data breach.
While cyberattacks are not 100% preventable, your institution can mitigate risks and reduce damages by offering identity and digital protection to your employees and customers. It’s critical to work with a company that can offer best-in-class products and services for your institution. At Generali Global Assistance, we are committed to offering top-notch identity protection services and an award-winning resolution team that is available 24/7 to help your customers and employees recover their identity and assets. To learn more about the benefits of offering identity protection services, sign up for email updates.