Intro

Financial institutions in the United States have been at the mercy of an onslaught of unforeseen circumstances over the last 2 years. From the COVID-19 pandemic, to record low mortgage rates, to war in Ukraine, organizations are experiencing no shortage of impactful events. With so much uncertainty, it’s only natural for financial institutions to be wary of any type of investment – whether it’s personal lending, infrastructure improvements, or even cybersecurity protections. While banks and credit unions have been rightfully cautious about spending on banking services and improvements, now more than ever, organizations cannot waver on cybersecurity spending.

COVID-19

When the world shut down in early 2020 for the COVID-19 pandemic, physical locations for financial institutions came to a grinding halt. Businesses around the world closed their doors with no idea when or if they would reopen. Employees were suddenly working from home, and virtual platforms became the basis for human interaction. Online and mobile banking activity skyrocketed, and so did the cybersecurity attacks against those platforms.

The financial sector saw a staggering 520% increase in phishing and ransomware attacks in just three months, from March to June of 2020. With the abrupt change to remote work, cyber attackers jumped at the opportunity to exploit weak VPN configurations and remote access protocols. Even with the dramatic uptick in potential threats, many financial institutions still delayed their typical cybersecurity testing to later in the year, with some even pushing it into 2021.

2020 and 2021 successively beat the record for most zero-day vulnerabilities found in a single year, with 30 discovered in 2020 and a whopping 80 found in 2021. These numbers are in part due to improvements in detection and communication, but even so, these vulnerabilities present easy avenues for attackers to breach your systems. While reporting on vulnerabilities is incredibly helpful for your patch management efforts, it’s often a race between IT teams and malicious attackers looking to exploit known vulnerabilities.

Maintaining your regular cybersecurity testing, including vulnerability scanning, has to be a priority for financial institutions, beyond just passing yearly compliance examinations. New vulnerabilities are constantly being discovered, and if your organization isn’t staying up to date, you could be the next victim in the news.

Housing Market

Late 2020 through 2021 saw record low interest rates in the United States, averaging only 2.96% on a 30-year mortgage. Homeowners raced to their bank or credit union (online, that is) to refinance their homes and residential properties. With physical locations closed, financial institutions had to handle record numbers of transactions and communications over the easily exploitable avenues of phone and email.

The easiest and most successful compromises are made possible through the human error of your employees. Increased financial activity via phone and email, especially with the added volume of people refinancing, left a lot of room for phishing and vishing scams.

Many financial institutions have implemented a dual authorization protocol, which requires two parties to approve financial transactions. Put plainly, this step means that two employees of the financial institution must authorize electronic third-party payments. With two sets of eyes on every transaction, you’re much less likely to pay out fraudulent requests.

More than ever, financial institutions need to be performing regular phishing and vishing testing for their employees. With remote work now so normalized, every single employee must be able to recognize phishing emails and properly verify users over the phone.

TraceSecurity offers phishing and vishing testing for your employees to see how well they recognize these social engineering attempts and adhere to your email and phone security policies. Most of these engagements are combined with our educational videos and quizzes for those who fail a test by clicking a link, opening an attachment, or complying with over-the-phone requests.

Supply Chain & Inflation

In late 2021, unrest between Russia and Ukraine began to impact the global economy on a large scale, from supply chain to inflation. Crude oil prices started climbing, affecting all stages of production processes worldwide. The cost of crude oil is considered one of the most influential price benchmarks for the global economy, and rising prices have been a cause for concern for businesses and individuals alike.

Between record high gas prices and inflation rates, goods and services across the board are showing price increases like never before. The global supply chain is being affected at every level, from development to manufacturing to shipping to labor, causing ever-increasing prices for goods and services.

When it comes to cybersecurity, the compliance requirements passed down by federal regulators are continuing to expand. As your business grows, so does the risk to your organization’s assets and the necessity of protecting them. The more assets you have to secure and the more federal regulations you have to comply with, the more your institution will need to allocate for cybersecurity spending.

Conclusion

While we’re all hoping to avoid a repeat of the 2008 recession, there’s enough writing on the wall for institutions to be formally discussing the future of their cybersecurity needs in this evolving economic landscape. As we all continue to implement more technical solutions, the necessity for cybersecurity protections will continue to grow with no end in sight. All of the uncertainty in the world cannot be the reason that your organization falls short on cybersecurity.

Marissa Adams, Compliance Analyst

Marissa leads the cybersecurity compliance research at TraceSecurity. With new regulations being imposed every year, she spends time looking into the annual updates and requirements set forth by federal and state regulatory bodies. Her goal is to take these regulations and make them both understandable and actionable for all types of organizations.