Financial institutions have loads of PII – personal identification information, including cryptocurrency portfolios. Cybercriminals often perform attacks like phishing to compromise account credentials and gain unauthorized access. As we reached the end of the year, it is observed that the state of cybersecurity in financial institutions is not as good as it should be. Financial institutions should consider investing in cybersecurity in line with their physical security.
Financial institutions are 300 times more vulnerable than other sectors – Boston Consulting Group.
Malicious actors intrigue cyberattacks for different objectives, whereas financial motives drive cybercriminals. – report from the RAND Corporation.
1. Community banks prioritize security
The Conference of State Bank Supervisors (CSBS), in their 6th annual survey, canvassed 571 community banks in 37 states. During this survey, they identified that more than 70% of respondents ranked cybersecurity as their priority. Only 4% believe that the investment in cybersecurity would impact the profitability compared to the rest 60% prioritizing it.
2. Frequent repetitive incidents
In a survey by Clearswift, an information security firm, 70% of the financial companies have experienced security incidents in the last 12 months. The leading cause of most incidents is the employees’ failure to follow the security protocol. Another reason is the introduction of BYOD (bring your device) that contributes 32% of the attacks, allowing file and image downloads to contribute 25% of the attacks and sharing of data by the employees unintentionally contribute 24%.
3. Financial firms are more likely to be attacked
Boston Consulting Group revealed that the financial institutions are 300 times more likely to be attacked than other industrial sectors. The banks and financial institutions have to pay a dearer amount to deal with those attacks and their aftermath effects. IBM X-Force Threat Intelligence Index supports this finding and also remarked that the attacks on financial services account for 19% of the total incidents in a year.
4. Appropriate security measures concerning budgets
On average, financial institutions spend 0.3% of revenue and 10% of their IT budget on cybersecurity, as pointed by Deloitte. According to American Banker, big banks and major financial institutions spend nearly $2300 per employee. Deloitte believes that budgeting is not the only solution; it is the planning and execution of security policies that ensure appropriate security standards.
5. Banks to invest in managed security and integration services
According to International Data Corporation (IDC), worldwide spending on security solutions is expected to be $151.2 billion by 2023. The research says that this will also impact financial institutions, and they will invest more than 35% of their respective budgets in managed security and integration services.
6. Four methods contributing cyberattacks
A report by Akamai observed that four attack methods were used for 94% of the attacks, viz., Local File Inclusion (LFI), SQL Injection (SQLi), Cross-Site Scripting (XSS) and OGNL Java Injection.
7. CISO reporting
Infosys commissioned a survey on 277 senior executives representing banking, financial, and insurance services. Most of the respondents say that 34% of the CISO reports to either the CIO, while 32% to the board.
8. Better at detection than prevention
Ponemon Institute, in a survey of 400 security professionals from financial services, observed that financial institutions are better at detecting and containing cyber attacks and less efficient in their prevention. Almost 56% of financial institutions are useful in the detection, whereas only 31% are good at prevention.
9. Increase in the number of breaches
The Cost of Cybercrime Study in Financial Services 2019 report, by Accenture, showed that there is an increase in the average number of breaches in the financial sector, year-after-year. The report further identified that the expensive category of attacks is the malicious insiders, following by phishing, social engineering, denial-of-service, and web-based attacks.
10. Security alerts in large volume
The security leaders at Mastercard told the New York Times that, on average, they face 460,000 intrusion attempts. The credit card company showed the news publishers a “wall of monitors” having tracked 267,322 intrusions within 24 hours.
Financial institutions, banks, security companies, hedge funds, and asset management firms are always prime targets for cybercriminals, mainly to steal money. Financial companies are concerned about improving their security infrastructure and, therefore, are desperate to hire cybersecurity professionals. If you want to make the most of this opportunity, acquire security skills and get ready to join an evolving cybersecurity career path. You need to acquire or enhance specific skills like ethical hacking, penetration testing, web security, application security, etc. based on your interests and abilities. EC-Council’s cybersecurity training and credentialing programs will help you acquire the skills needed to make you job-ready.