November 10, 2016 By Larry Loeb 2 min read

Two-thirds of financial institutions that responded to a recent MetricStream Research survey indicated that they had experienced a cyberattack in the past year.

Financial Cybersecurity Threats Rising

The survey queried “C-level information security professionals” associated with 60 global financial services firms of various sizes and segments, including banking, insurance, asset management, diversified financials, investment services and foreign exchange services.

The survey suggested that insider threats continue to play a prominent role in the financial cybersecurity landscape. In fact, 48.5 percent of respondents reported that most cyberattacks were enabled by employees.

Where the Money Is

Cybercriminals love to target the financial industry because, quite simply, that’s where the money is. In response to this persistent threat, 91.2 percent of survey participants reported formally introducing cybersecurity into their enterprise risk management (ERM) program.

The specifics of the cybersecurity components in those ERM programs may need to change over time. The financial industry has its own particular security risks and regulatory frameworks to respond to them. Any security best practices evolve over time. so it’s a good idea to review them regularly as they apply to the institution.

For example, any evaluation of the risk management program should consider current information about the various threats that security professionals might find when they remediate an attack. It’s critical to know specifically what works and what doesn’t with respect to the institution’s situation.

Third-Party Protection

You don’t have to do all the heavy lifting in-house. Unsurprisingly, 70.6 percent of respondents reported that third parties played a role in their ongoing security efforts.

Security-as-a-service may be a very useful specialization for some organizations. Rather than being forced by necessity to build its own in-house expertise, a company can simply buy it as a package from a vendor and rely on round-the-clock servicing to protect their assets. They might need it, too: 55.9 percent of respondents reported an increase in attacks from previous years, while just 2.9 percent said that threats were decreasing.

Almost all agree that financial cybersecurity is a necessity in today’s world, but how those affected organizations go about achieving security is up in the air. Leveraging outside expertise and running risk management programs are only the tip of the iceberg.

More from

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today