Financial institutions in the United States have been at the mercy of an onslaught of unforeseen circumstances over the last 2 years. From the COVID-19 pandemic, to record low mortgage rates, to war in Ukraine, organizations are experiencing no shortage of impactful events. With so much uncertainty, it’s only natural for financial institutions to be wary of any type of investment – whether it’s personal lending, infrastructure improvements, or even cybersecurity protections. While banks and credit unions have been rightfully cautious about spending on banking services and improvements, organizations cannot waver on cybersecurity spending now more than ever.


When the world shut down in early 2020 for the COVID-19 pandemic, physical locations for financial institutions came to a grinding halt. Businesses around the world closed their doors with no idea when or if they would reopen. Employees were suddenly working from home, and virtual platforms became the basis for human interaction. Online and mobile banking activity skyrocketed, and so did the cybersecurity attacks against those platforms.

The financial sector saw a staggering 520% increase in phishing and ransomware attacks in just three months, from March to June of 2020. With the abrupt change to remote work, cyber attackers jumped at the opportunity to exploit weak VPN configurations and remote access protocols. Even with the dramatic uptick in potential threats, many financial institutions still delayed their typical cybersecurity testing to later in the year, with some even pushing it into 2021.

2020 and 2021 successively beat the record for most zero-day vulnerabilities found in a single year, with 30 discovered in 2020 and a whopping 80 found in 2021. These numbers are in part due to improvements in detection and communication, but even so, these vulnerabilities present easy avenues for attackers to breach your systems. While reporting on vulnerabilities is incredibly helpful for your patch management efforts, it’s often a race between IT teams and malicious attackers looking to exploit known vulnerabilities.

Maintaining your regular cybersecurity testing, including vulnerability scanning, has to be a priority for financial institutions, beyond just passing yearly compliance examinations. New vulnerabilities are constantly being discovered, and if your organization isn’t staying up to date, you could be the next victim in the news.

Housing Market

Late 2020 through 2021 saw record low interest rates in the United States, averaging only 2.96% on a 30-year mortgage. Homeowners raced to their bank or credit union (online, that is) to refinance their homes and residential properties. With physical locations closed, financial institutions had to perform record numbers of transactions and communications from the easily exploitable avenues of phone and email.

The easiest and most successful compromises are made possible through the human error of your employees. Increased financial activity via phone and email, especially with the added volume of people refinancing, left a lot of room for phishing and vishing scams.

Many financial institutions have implemented a dual authorization protocol, which requires two parties to approve financial transactions between parties. Put plainly, this step means that two employees of the financial institution must authorize electronic third-party payments. With two sets of eyes on every transaction, you’re much less likely to pay out fraudulent requests.

More than ever, financial institutions need to be performing regular phishing and vishing testing for their employees. With how much remote work has been normalized, every single employee must be able to recognize phishing emails and properly verify users over the phone.

TraceSecurity offers phishing and vishing testing for your employees to see how well they recognize these social engineering attempts and adhere to your email and phone security policies. Most of these engagements are combined with our educational videos and quizzes for those who fail a test by clicking a link, opening an attachment, or complying with over-the-phone requests.

Supply Chain & Inflation

In late 2021, unrest between Russia and Ukraine began to impact the global economy on a large scale, from supply chain to inflation. Crude oil prices started climbing, affecting all stages of production processes worldwide. The cost of crude oil is considered one of the most influential price benchmarks for the global economy, and rising prices have been a cause for concern for businesses and individuals alike.

Between record high gas prices and inflation rates, goods and services across the board are showing price increases like never before. The global supply chain is being affected at every level, from development to manufacturing to shipping to labor, causing ever-increasing prices for goods and services.

When it comes to cybersecurity, the compliance requirements passed down by federal regulators are continuing to expand. As your business grows, so does the risk to your organization’s assets and the necessity of protecting them. The more assets you have to secure and the more federal regulations you have to comply with, the more your institution will need to allocate for cybersecurity spending.


While we’re all hoping to avoid a repeat of the 2008 recession, there’s enough writing on the wall for institutions to be formally discussing the future of their cybersecurity needs in this evolving economic landscape. As we all continue to implement more technical solutions, the necessity for cybersecurity protections will continue to grow with no end in sight. All of the uncertainty in the world cannot be the reason that your organization falls short on cybersecurity.

Let's Connect!

Contact Us