According to the 2019 “IBM X-Force Threat Intelligence Index” report, “the finance and insurance sector has been the most-attacked industry for three years in a row, with 19 percent of total attacks and incidents in 2018.” As the evolving threat landscape grows, so does customer demand for convenience, raising concerns for those who are ill-prepared. In this environment, being transparent and demonstrating a mature, integrated business and security model is critical for building trust.

Financial Services Firms Face Daunting Challenges

The steady drumbeat of attacks has made security a priority issue for financial services executives. Despite the obvious importance of security for financial services organizations, the level of preparedness across the industry varies and many firms struggle to address increasingly complex challenges. Let’s take a closer look at some of the most common obstacles financial institutions face.

Threats of Systemic Cyberattacks on the Financial Services Industry

Often, larger financial institutions have sophisticated security capabilities, but smaller firms may not. As the industry grows more and more interconnected, the security vulnerabilities of some can increase risks for many across the industry.

Sophisticated Cybercriminals

Criminals are adept at exploiting weak links in the security chain and, once in, can leverage other weaknesses to increase their control, enable repeated access and execute attacks without being detected. As captured in the IBM X-Force Threat Intelligence Index, “Financially-motivated threat actors pose the most significant threat to the financial services industry, with threats from nation state groups in this sector, increasing over the past three years and resulting in the direct theft of millions of dollars from banks around the globe.”

Regulatory Concerns

Financial services firms face stringent cybersecurity regulations, such as 23 NYCRR 500, which places more accountability on senior executives. Also, as financial organizations adopt hybrid cloud, they face more scrutiny by regulators and must ensure workloads in the cloud meet new security standards.

Too Many Disparate Tools

Many institutions have numerous, siloed security tools that add complexity rather than providing insight. When these tools don’t integrate or communicate efficiently, they don’t provide the visibility security teams need to establish seamless, holistic protection, which is required to keep up with today’s threats.

Talent Gaps

The financial services industry, like other industries, is grappling with substantial talent gaps. In contrast, cybercriminals targeting the sector are growing in number, becoming industrialized and beginning to leverage advanced technologies such as artificial intelligence (AI) in their arsenal.

Competitive Threats and Margin Pressures

Financial services institutions strive to continuously innovate and offer differentiated digital experiences while simultaneously demonstrating advanced but nonintrusive security capabilities. Success across these factors reduces churn and allows institutions to lower operational costs.

Inadvertent Insiders and Lack of Attention to Security Fundamentals

Frequently, companies lack discipline with elemental security responsibilities. Also, as mentioned in the “IBM X-Force Threat Intelligence Index”, “two of the most prolific ways X-Force researchers have observed inadvertent insiders leaving organizations open to attack is by falling for phishing scams or social engineering, and through the improper configuration of systems, servers, and cloud environments, and by foregoing password best practices.”

Insufficient Capabilities and Preparation for Right of Boom

As executives realize that it is not a question of if they will face a cyberattack, but when, the lack of investment right of boom — in the response and management of a cyberattack after it occurs — raises considerable concern. Often, personnel on the front lines don’t have capabilities such as AI, machine learning and intelligent orchestration and face an increasingly difficult task to diagnose a breach, assess the size and scope, and respond in the timeframe required by the General Data Protection Regulation (GDPR).

For many firms, the company’s success depends on one or a few individuals who may not have adequate information or experience to take the best actions during the hectic moments of a breach. In addition, many institutions are not prepared to address the increasingly common scenario of attacks launched by internal resources.

Opportunities to Improve Cybersecurity in the Financial Services Industry

To avoid the consequences of a breach, including damage to the corporate brand, loss of digital trust, regulatory impacts or worse, many organizations are taking action. Companies that can address the ever-increasing number of security challenges while also enabling innovative, differentiated experiences for their clients can gain a competitive advantage. Here are some great steps for getting started:

  • Strengthen your defense strategy. Use capabilities such as advanced data intelligence gathering and security analytics optimized with automation and AI to force-multiply your teams’ efforts and assess advanced threats that may have bypassed your controls.
  • Collaborate with industry peers and experts. Don’t go it alone as you prepare to battle threats to individual institutions as well as the industry ecosystem. Leverage communities, cyber range facilities, professional services and intelligence analysis tools to hunt and battle threats and assess and improve your readiness.
  • Practice incident response. Develop and maintain dynamic response playbooks that use AI and machine learning to automatically leverage threat intelligence information and practice your incident response plans with rigor.
  • Increase attention on fundamentals. Focus on core responsibilities, including knowing your assets and inventory, understanding your firm’s vulnerabilities and attack surfaces, classifying sensitive data and tracking usage patterns, using multilevel authentication and layered defenses, ensuring device security, improving patch management and more.
  • Build digital trust. Adopt new approaches to identity and access management (IAM) to enable authentication without imposing on the customer experience. Technologies include passive behavioral biometric approaches that focus on what and who you are rather than what you know.
  • Innovate while improving defenses and manage risk with enterprise cloud security. Pursue accelerated growth and the benefits of hybrid cloud while securing data and workloads in the cloud.
  • Get ahead of compliance. Leverage technology to understand how your firm’s regulatory obligation exposure is changing over time.
  • Foster a security-oriented culture and expand executive involvement. Work to make security a central focus for all employees and elevate security beyond the responsibility of the chief information security officer (CISO) alone.

Progressive companies are offering compelling, personalized customer experiences while building financial services cybersecurity operations that are data-driven, flexible and scalable. Firms that do not have strong cyber capabilities and an effective incident response plan are setting themselves up for the worst-case scenario associated with a breach.
