Data sabotage is being seen as the latest threat impacting the financial/banking industry. It involves manipulating data such as financial records, bank account data, stock market information or companies’ financial results for financial gain.

Such attacks are sophisticated and can be hard to spot. Both Admiral Michael Rogers, director of the National Security Agency (NSA), and Director of National Intelligence James R. Clapper recently warned about the dangers of the emerging sabotage threat.

Speaking at the 2016 RSA Conference earlier this year, Rogers stated that data tampering is No. 2 on his list of his top three security nightmares, behind only a cyberattack against critical infrastructure.

Financial/Banking Industry Ups Security Spending

At present, there is a high level of concern about theft in the financial/banking industry. In the face of increasingly sophisticated attacks, the industry is upping its spend on security.

A recent article in The Wall Street Journal stated that financial firms are planning to increase spending on cybersecurity by $2 billion in the next two years. They’re doing so to prevent a number of cyberattacks, but sabotage remains a concern: According to data from the New York State Department of Financial Services, 9.3 percent of financial firms reported data integrity breaches in 2013.

Data can be manipulated in many sectors, however, including critical infrastructure, health care and any industry that collects large swathes of personal information.

Access Controls, Monitoring Are Key

It’s vital to implement granular levels of access control to prevent unauthorized access to data. Cybercriminals are increasingly targeting privileged users with access to financial data. This necessitates strict enforcement of access policies, especially those of privileged users.

Access control policies and systems are a must, and all activity should be continuously monitored to detect anomalous activity. Strong encryption is essential for protecting data, both when data is at rest in storage and in transmission, to prevent data theft, modification, disclosure or destruction.

It’s also important to monitor all data for unauthorized access using data activity monitoring technology. These tools provide alerts regarding all changes of data and help ensure data integrity, which is key to detecting when data has been altered. A data activity monitoring solution should monitor all data wherever it is on the network or connected devices, providing visibility into all activity.

Education Is Essential

Education is key in fighting any type of cyberthreat, and data sabotage is no different. Many attackers looking to obtain privileged credentials begin with a spear phishing attack, temping their targets to open malicious attachments or click tainted links. Employees should be educated in the dangers of doing so.

Kaspersky Lab uncovered a massive cyberattack targeting the financial/banking industry that started with a spear phishing attack. Once they had gained entry to the targeted institutions, the attackers burrowed into the hearts of the accounting systems, inflating account balances and siphoning off money. It is estimated that around $1 billion was stolen from some 100 financial institutions worldwide.

Attackers are always trying to stay one step ahead of the game, looking for new ways to achieve financial gain. Rather than merely steal data to sell off, more and more cybercriminals are now looking to steal money through sabotage and falsification of data records or transactions. The onus is on the financial/banking industry to ensure that it is on top of this latest threat vector.

More from Banking & Finance

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…