The banking industry has famously been the target of many malicious hackers, leading to cybersecurity in banking becoming a major investment for many organizations. Bank of America spends upwards of $1B just on cybersecurity, and for good reason.
A research report from the New York Federal Reserve notes that financial firms experience 300 times more cyber attacks than firms in other industries. Financial companies make for extremely attractive targets for a number of reasons.
- Nation-state or state-sponsored hackers can wreak havoc on a country simply by crippling or bringing down a major financial firm.
- Hackers aim at financial firms for major payoffs. Ransomware is particularly effective given how little the banking industry can afford to have any downtime and direct access to funds depending on the attack can turn lucrative quite quickly.
- The banking industry can be used as a vector to attack other organizations.
In this post-COVID world, the banking industry is facing new novel challenges they need to address in order to stave off a rising threat. Here’s a list of key cybersecurity challenges the banking industry is facing and what we recommend to do.
Challenge 1: Ransomware
We’ve mentioned it multiple times but it’s worth repeating. Ransomware has risen dramatically during the pandemic, incidents continue to rise well-past 2021 and the banking/finance industry has been hit especially hard
While all organizations in all industries have experienced a dramatic rise in ransomware attacks, the banking industry has been especially hit hard. One report showed that in 2021, there was a 1000%+ increase in ransomware attacks against the banking industry.
Due to the nature of ransomware attacks, they usually prevent an organization from carrying out their business function. While this can be manageable for a few companies who can afford to shut down for several hours or even a few days, many banking institutions can’t, making them very attractive targets. Ransoms are much likely to be paid and the costs continue to rise.
The rise of RaaS is also contributing to the increase in ransomware. Ransomware hacker groups are licensing their ransomware and services, making it harder for companies to fight against new ransomware variants. As more criminal hacker organizations work together, we’re seeing ransomware skip the traditional phishing and pray-and-spray method of attacks and are instead deploying ransomware post-infiltration, significantly increasing the chances of success.
Challenge 2: The banking industry increased attack surface
Over the past decade, the banking industry has been forced to adapt to a digital-first world for both businesses and consumers. Fewer and fewer consumers are using cash and instead opting for digital and contactless payments, encouraging companies and businesses to develop and support electronic banking services.
The emergence of Fintech companies like Plaid and Stripe, powering digital bank integrations for major financial institutions, and digital-forward consumer banking companies like Venmo, Stripe, and PayPal, are pressuring large traditional banking to offer digital services like having digital portals to access accounts, faster digital transactions, apps, and more integrations across banks and other companies.
While this has provided a lot of benefits to consumers and companies alike, this has also significantly increased the attack surfaces of these banks. An increased third-party vendor ecosystem raises the risk of a hacker getting into a bank’s network via a third-party.
The use of apps and other digital services not only provides more vectors for an attacker to exploit, but also raises the risk that a misconfiguration or improper form of storing data can lead to a major data leak/exposure. We’ve already seen how this risk can play out in the real world. Capital One’s massive hack in 2019 was the result of an Amazon employee hacking into Capital One’s AWS server.
Challenge 3: Uninformed employees
Despite banks investing a huge amount in cybersecurity, employees continue to be a risk vector, especially as new threats and risks emerge. Banking institutions have hundreds or thousands of employees — if they’re not properly trained or if previous training hasn’t addressed new risks or threats that are more current and common, it can lead to a compromise.
Attacks like phishing, ransomware, BEC, and social engineering still use employees as the first point of compromise or entry. If your staff isn’t equipped to handle these threats, there’s a huge blind spot that will inevitably be exploited.
This risk has compounded since the pandemic — as employees work remotely and on their own devices, it’s much more difficult to ensure and apply security given the distributed and disconnected network.
Challenge 4: The cybersecurity talent gap in banking
Cybersecurity departments have always been short-staffed, due to budgets but also availability. There just aren’t enough cybersecurity experts with the training and knowledge for the companies who need them. Given the increased attack surface, new risks, and threats, cybersecurity in banking is incredibly important but the demand for cybersecurity talent continues to outweigh the supply.
This is largely because cybersecurity departments never have enough budget or approved headcount, making the environment for staff extremely stressful, increasing turnover and decreasing retention rates. Talented cybersecurity staff often move to cybersecurity-focused organizations who offer a better working environment and training as part of career development. This is part of the reason why the cybersecurity industry has a zero percent unemployment rate.
This problem is only compounded by the fact that new skills, training, and development is needed as new products, solutions, tools, processes, threats, risks, and environments change in cybersecurity, making it more difficult to find qualified employees with the most up to date training and education. As banks fall behind in staffing, they risks exposing themselves even more.
A recommendation list for banking cybersecurity
Banks don’t have it easy – but it doesn’t mean they’re helpless. Security leaders in financial institutions should develop a comprehensive roadmap directly addressing the most critical of these issues and setting goals for the cybersecurity state they want their organization to reach.
Regarding specific actions you can take, here’s a list of our recommendations.
- Leverage MDR services and full-suite cybersecurity partners: Given the risk and threats the banking security face, they should partner with any organizations offering managed services in order to fill the talent gap your company is likely facing. These companies can offer 24/7 protection and dedicated cybersecurity staff in case a compromise does occur.
- Establish a continuous security awareness training (SAT) program: Even if you have an SAT program in place, consider a reassessing the program to ensure it’s up to date, effectively training employees, and offers a follow-up for at-risk employees or departments
- Invest in detection and response tools: Various detection and response tools (like EDR and MDRs) can give you the insight necessary to know if any unauthorized individual is finding their way into your environment. Given the shifted trajectory ransomware attacks are taking, this can help you stay proactive and prevent a successful ransomware attack.
These are a few major steps towards boosting your organization’s security posture and aren’t the kinds of actions you can take overnight. Plan ahead, balance your goals, objectives, and expectations, and identify what you’ll build and maintain in-house and what you’ll rely on a partner for. It will help you understand what kind of partner you might need and give you a strong starting point when you initiate conversations with a vendor.
Learn more about the top security challenges facing the banking industry.