We all know it has been one heck of a year, one full of challenges at many levels. While we all contend with different types of threats across a variety of fronts, one threat that cannot be ignored is the tsunami of cyberattacks that has accelerated during the era of COVID. The FBI recently reported that the number of cyberattacks filed with their Cyber Division has risen to as many as 4,000 a day. This represents a 400 percent increase from pre-COVID months. While all industries are being affected by this sudden surge, the banking and financial sector has been hit especially hard, as illustrated by the following statistics.
- According to research conducted by VMware, close to a third of all cyberattacks between February and April of this year targeted the financial sector. Their data showed a massive increase of 238 percent for the financial and banking industries.
- In a recent survey of 2,043 business owners across 11 industry sectors, the accounting and banking sector showed the third highest increase (67%) in cybercrime threats. Only the IT and Healthcare sectors reported a higher increase percentage.
- According to Carbon Black’s annual Modern Bank Heists report, ransomware attacks against the financial sector have increased nine-fold since the beginning of February. In fact, 25 percent of survey respondents said their firms had been targeted by destructive attacks designed to cause maximum damage rather than to elicit a ransom payment. The conclusion stated in the report was that attackers are putting financial institutions directly in their crosshairs.
Remote Work is a Big Contributor
The rush to get employees socially distanced through remote work strategies is obviously a big contributor to these spikes. A SurveyMonkey Workforce survey back in May showed that 70 percent of workers in the finance and banking sector were working from home. The remote work strategies that so many companies implemented in rapid fashion have drastically altered the overall attack surface of these enterprises, and hackers are taking advantage of it. Along with the changing work environment, employees are anxiously trying to keep current on any pandemic updates, so cybercriminals often use COVID themes to cleverly craft phishing and social engineering attacks. According to Accounting Today, the combined factors of remote work and COVID have resulted in a 300 percent increase in cyberattacks upon accounting practices of all sizes.
Recent Settlements add to the Cost of Recovery
All of this is not going unnoticed by C-level leadership in these institutions. On top of the high cost of remediation and repairing reputational damage, fines and financial settlements have surged as well. The recent settlement between Capital One Financial and two federal banking regulators concerning a 2019 incident has shown just how costly a breach in this industry can be. Capital One has agreed to pay fines of $80 million for failing to implement proper steps that could have prevented the breach that compromised the personal records of some 100 million U.S. citizens.
Institutions are Increasing Spending
As a result, leadership is dedicating more resources to combat these mounting threats. A survey conducted by Deloitte and Touche indicated that the average cyber security spending budget per employee in banking and financial institutions rose from $2,337 in 2018 to $2,691 in 2019. Furthermore, a large number of firms are budgeting as much as $3,322 per employee. This surpasses the $3,000 maximum amount the year prior. According to Bloomberg, these costs translate into $900 million for a company the size of Wells Fargo.
Pen Testing Plays an Important Role in a Security Strategy
Anticipate and Prepare. Knowing where your potential vulnerabilities could be exploited for an attack should be part of your security strategy. This is where penetration testing comes into play. A well-executed pen test is a powerful tool. These tests safely simulate an actual attack by a malicious party in order to discover if your safeguards are effective within your environment and find out how a hacker might attempt to out-maneuver them. A pen test can ensure that your multi-layer strategy can successfully mitigate current attack practices and that your resources are being spent wisely. While many firms are required to perform annual pen testing for compliance purposes, frequent pen testing should also be a best practice whenever changes occur in your working environments, office setups, equipment, and teams.
Validate Your Security
With an increased reliance on digital and cashless transactions, it is crucial to ensure technologies within your financial institution are secure. Partner with a pen test company with proven results, experienced teams, and comprehensive reporting for remediation. As the year closes, it is best to evaluate if your systems’ safeguards are ready to take on the busy season as well as be ready for the new year. Request a pen test report sample to see what HALOCK can do to help identify how you can keep your data safe.