The global financial sector has experienced an exponential rise in cyber-attacks over the last four years. Today, this is even more of an issue from both a sector and a geopolitical perspective. External market figures suggest that in the year 2020 alone there was an increase of over 200% in cyber-attacks in the financial sector globally.
The financial sector is not alone in seeing this increase; we have seen similar attacks in the healthcare and Oil & Gas sectors. However, in addition to the disruption cyber-attacks cause financial institutions, the impact can potentially be catastrophic for a country's financial health. We have already seen the implications of cyber-attacks across a number of countries over the last year, including New Zealand, with outages in the New Zealand Banking Grp; attacks on Liquid, a Japanese cryptocurrency exchange; Fiducia & GAD, a German technology operator serving the nation’s cooperative banks, which was hit by a DDoS attack; and lastly attacks on SWIFT, the global financial system’s main electronic payment messaging system, in which hackers attempted to steal more than $1bn.
Vulnerabilities in the financial sector
As global economies move forward in 2022 and geopolitical international relations descend to an all-time low, the question surely on the minds of global governments is not if, but by how much, states will suffer financially and politically as a result of future cyber-attacks on the global financial sector.
From a sector perspective, besides the obvious, there are a number of reasons the financial sector is prone to cyber-attacks. Some of these are related to the uptake of modern technology and transformation that financial institutions are going through in the modern digital era. This includes traditional banks increasing the use of digital channels as they compete with fintech companies and address Covid-19, and the growth in digital currencies. The other piece to the jigsaw is the regulatory stance – this is where financial institutions have gone through a wave of regulatory changes, particularly around privacy/data and consumer rights.
Ultimately, the motivation behind attacks has been money and, in a minority of cases, geopolitical disruption. Also, cyber criminals are becoming more knowledgeable about the mechanics of how the financial sector operates, and are subsequently utilizing specialist tools and services to conduct their crimes. This includes ransomware crimes, distributed denial of service (DDoS) attacks and phishing, which accounted for the majority of attack methods.
Fighting Cyber Attacks in the Financial Sector Is a Joint Effort
GlobalData previously outlined a number of recommendations in an article it published regarding the European Commission’s joint cybersecurity unit to protect EU member states from attacks on their national infrastructure. There, GlobalData made firm recommendations that a joined-up committee between member states, enterprises and technology providers was required to tackle cybercrime across EU member states. The foundations of this strategy also very much apply to the financial sector, where there needs to be greater collaboration across the players connecting the global financial system. There also needs to be standardisation on cybersecurity frameworks like NIST 800-53, ISO 27001 and NIST CBF across member states globally.
Financial institutions also need to make further investment in security across the enterprise, with risk teams focusing more on risk management through the complex interplay of technology, people, and process rather than any one thing.
Rajesh Muru is Principal Analyst: UK Cybersecurity Lead, GlobalData