This article explores the various aspects of the threat landscape, from the complex nature of IT landscapes to targeted employees and phishing. It also outlines how financial institutions can mitigate the risks associated with the emergence of cybercrime. It identifies four key risk areas to keep an eye on:
Complexity of IT landscapes:
As the world becomes more complex, so do the IT landscapes of financial institutions. Old mainframe systems are a common obstacle to change and innovation for banks. Often, banks must go years without releasing new products and services due to outdated or inefficient systems. These legacy systems may not even be compliant with current security standards. The complexity of the IT landscape can also hamper the development of new business models. Further, the skills required to develop and maintain these systems are dwindling.
The complexity of IT landscapes for financial institutions is growing as a result of technological advancement and digitization. These forces are driving significant IT infrastructure investment. However, this rapid expansion also increases cyber risk and is creating new challenges for the IT teams of these financial institutions. The rising cost of capital and regulation is further pressuring existing business operating structures. Disintermediation of the financial industry is also driving new investors and non-bank financial institutions into the market. Additionally, banks need to manage capital requirements and spend on compliance upgrades.
Targeting of employees:
The target of a personal cyberattack is usually an employee. In an exchange that seems innocuous, an employee could share sensitive information with a stranger, giving attackers access to it. Employees who use public Wi-Fi are also at risk of man-in-the-middle attacks, in which threat actors intercept data transmissions to gain access to sensitive information. To combat the risk, employees must set strong passwords, ideally consisting of at least eight characters, and should use alphanumeric and numeric characters. Employee passwords must be changed regularly to avoid hacking.
An internal cyber threat may be in the form of a keylogger, also known as keyboard capturing software. Keylogging software records every stroke of the keyboard, including the passwords of employees. Hackers could then use that information for phishing attacks or other malicious purposes. Even if employees aren’t aware that their personal accounts have been compromised, they could try those passwords on work systems. It’s important to protect sensitive information in all parts of your organization.
While most financial institutions have a firewall in place, phishing attacks do not target the corporate network directly. Instead, they target end users while they browse the internet. Once an end user hands credentials to a phishing page, the information obtained is used for identity theft, network compromise, and financial fraud. Current firewalls and intrusion detection systems cannot stop this type of attack. Therefore, financial institutions need to look for other ways to protect their end users.
For example, phishing scams can be delivered by HTML links, e-mail, and other phishing vectors. Financial institutions can mitigate their phishing risk by implementing best practices that help protect them from these types of attacks. Those best practices include publishing Sender-ID/SPF email server authentication records and participating in digitally signed email pilots. But phishing attacks are not confined to e-mail.
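The SPF records mentioned above only help if they are published in a form receivers can enforce. The following added example (not part of the original article) is a small linter that flags common weaknesses in an SPF TXT record, using the rules of RFC 7208; the function name `lint_spf` and the sample records are constructed for illustration.

```python
import re

# Terms that each cost one DNS lookup at the receiver (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
ALL_FINDINGS = {
    "+": "+all authorizes any host to send as this domain",
    "?": "?all is neutral and gives receivers no basis to reject",
    "~": "~all is softfail: unlisted senders are flagged, not failed",
}


def lint_spf(record):
    """Return a list of weaknesses found in one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        m = re.match(r"([+\-~?]?)([A-Za-z][A-Za-z0-9]*)", term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier, name = m.group(1) or "+", m.group(2).lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "ptr":
            findings.append("ptr mechanism is discouraged by RFC 7208")
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier is None and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_qualifier in ALL_FINDINGS:
        findings.append(ALL_FINDINGS[all_qualifier])
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceed the limit of 10 (permerror)")
    return findings


# Constructed sample records; example.net is a reserved documentation domain.
SAMPLES = [
    "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "v=spf1 mx +all",
    "v=spf1 a mx ptr",
]
if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", lint_spf(rec) or "ok")
```
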
In addition to storing sensitive data on secure servers, financial institutions can use backups to protect themselves from cyber attacks and other threats. Some banks and financial institutions use backups to protect themselves from ransomware attacks. But these backups can be compromised as collateral damage as well. One recent cyber-attack, which targeted CERT-Wavestone clients, erased all backups before infecting their system. This attack demonstrated the vulnerability of backups.
Although ransomware does not compromise the integrity of production data, it can severely damage the reputation of financial institutions. Furthermore, ransomware attacks can lock customers out of their accounts and halt operations. This makes system backups vital. Relying on real-time backup techniques, however, can have serious consequences. In some cases, these real-time methods are not reliable because they risk replicating malware onto the backup systems. In such cases, banks should segment their networks and retain offline copies of their data. A backup without infected data is essential for recovery.
Identifying lost data and removing it as quickly as possible is a critical first step to recover from cyber threats. A task force can take the lead in this process, and the first step should be to gather the facts in order to determine how the incident happened and what needs to be done to make the system secure again. Documentation of the attack’s type and impact on customers and suppliers is crucial. Then, a plan for recovery should be developed.
In some cases, a ransomware attack can make your most recent data backup useless. The best way to recover is to have a backup plan for each system component. This way, if you accidentally delete an important file or an entire directory, you can regain access to it. However, the time to recover from a cyber threat can cost a significant amount of money. For instance, recovering lost data and restoring systems can take up to 80 days.
Miguel Gabriel is a research-based content writer. He has worked in various industries, including healthcare, technology, and finance. He is currently working as a writer at Research Prospect, known for its dissertation writing and essay writing services. When Miguel is not writing or researching, he enjoys spending time with his family and friends. He also loves traveling and learning about new cultures.