
Mission critical: Fortifying financial services’ cyber defences

By Lloyd Webb, VP Sales Engineering EMEA at SentinelOne

 

The finance and banking industry is facing a dramatic surge in both the frequency and sophistication of cyber attacks. Indeed, the number of ransomware attacks on financial services has nearly doubled from the 34 percent reported in 2021 to 64 percent in 2023. And when it comes to responding to them, time is of the essence. However, only 19 percent of organisations were able to stop an attack before their data was encrypted and made inaccessible and unreadable without a decryption key. This leaves eight out of ten organisations facing the far-reaching consequences of a breach.

In today’s dynamic threat landscape, it’s essential to understand the potential risks and emerging threats impacting the financial sector, and how to best fortify finance firms’ defences against them.

Finance industry cyber threats

Two of the biggest risks to financial institutions’ ability to operate and safeguard customer data are Ransomware-as-a-Service (RaaS) and sophisticated Distributed Denial of Service (DDoS) attacks.

RaaS attacks are typically highly refined, fast-spreading and difficult to pinpoint. The main feature of RaaS attacks is the use of already-established threats that are “franchised” by accomplished threat actors to other malicious parties, in exchange for a portion of the ransom proceeds. This model paves the way for less experienced attackers to exploit vulnerabilities and interrupt businesses. Organisations that fall victim to RaaS attacks – and decline the ransom payment – often need to rebuild their IT infrastructure from scratch to reinstate normal business operations.


DDoS attacks are equally sophisticated, but adversaries take a different approach to attacking their victims. In this type of attack, the goal of threat actors is to render a machine or network resource unavailable to legitimate users by overwhelming the target or its surrounding infrastructure with traffic. DDoS attacks have surged dramatically, with a reported 200 percent year-on-year increase.

Consequences of an attack

No matter which approach bad actors utilise to infiltrate the system, once they have breached it, an organisation will need to deal with the consequences. These can include specific steps like providing an official report or informing authorities. They can also involve expending significant financial resources on the ransom payment, or on fees for things like forensic analysis, PR crisis communications, or legal advice. Costs may vary depending on the severity and the length of the attack. Nevertheless, a single incident can seriously strain a business’s financial performance, disrupt business operations and cause reputational damage.

Some of the consequences of a breach may include:

  • Ransom payments: According to a survey, ransomware payments have nearly doubled to £1.2m over the past year. Despite that, just over half of businesses (57%) and four in ten charities (43%) follow a policy of not making ransomware payments.
  • Various fees: An organisation may engage cybersecurity experts to determine the attack pathways, the extent and characteristics of the breach, and to track the actions of the intruder, which would incur forensic analysis and investigation fees. There may also be public relations (PR) and crisis management fees for a PR and comms professional to manage the institution’s public image and respond to media inquiries. Additionally, businesses without in-house legal teams would face paying for legal advice to navigate any post-incident fallout such as potential liability, regulatory compliance, and contractual obligations. Lastly, organisations may be forced to pay higher cyber insurance premiums.
  • Customer compensation and remediation: Depending on the data exposed in the breach, financial organisations may need to provide credit monitoring and identity protection services to impacted customers to decrease the risk of identity theft. This may also involve compensating customers in case of unauthorised account access or fraudulent transactions.
  • Regulatory and legal consequences: Financial service organisations need to adhere to strict compliance frameworks, and may become liable for fines after an incident if they are found to have breached data protection and cybersecurity regulations. For example, breaching GDPR may cost a financial institution up to £17.5 million or 4% of annual global turnover, whichever is greater. This already substantial sum may increase further if the affected customers and parties decide to take legal action to claim damages after a cybersecurity breach. Such actions bring not only legal defence and settlement costs but also potential reputational damage, leading to long-lasting financial strain.

Building long-lasting resilience

Cyber attacks not only disrupt business operations and damage reputations but, in worst-case scenarios, ransomware and DDoS attacks could bankrupt an organisation. To mitigate the risk of an attack, cybersecurity leaders need to adopt strategies that will bolster their cyber defences. One recommended approach is to operate under the assumption that an organisation’s infrastructure has already been compromised.

Operating under the assumption that bad actors have infiltrated corporate infrastructure, security teams can establish predetermined procedures to continuously monitor and detect anomalies, and deploy further threat-hunting techniques to ensure they spot malicious activity early on. This proactive approach equips financial institutions to swiftly detect and mitigate potential threats, providing an edge over cyber adversaries.

Implementing effective endpoint security is another vital strategy. Endpoints, which include everything from remote devices like laptops and smartphones to desktops and servers, and even cloud assets and storage surfaces, are key access points for cybercriminals to infiltrate networks. Cyber threats like malware, ransomware, and phishing attacks often target endpoints to gain access to sensitive data or to launch further attacks.

In response to these escalating cyber threats, modern endpoint security solutions like Extended Detection and Response (XDR) have emerged. XDR collects and analyses data from different devices and security tools to fortify defences. This provides organisations with more complete visibility of their security landscape and allows for automated response capabilities. Having a holistic vantage point on data from endpoints, networks, and the cloud is crucial for detecting early signs of a cyber intrusion before it escalates – and enabling financial organisations to respond faster and more effectively to cyber threats.

Future-proofing financial organisations

The threat landscape is constantly evolving, but financial institutions and the banking sector continue to be a consistent target for well-funded and sophisticated threat actors.

And as adversaries continuously refine their tactics, there is a pressing need for the finance sector to comprehensively understand the threats it is facing and implement the right cybersecurity protocols and tools to counter them. These actions are crucial not only for safeguarding financial systems but also for pre-empting attacks before they occur.

The post Mission critical: Fortifying financial services’ cyber defences appeared first on Finance Derivative.


