We are no stranger to the notion of cyber security, but one industry that suffers the most from cyber security threats is the financial secretary. Key security measures within the sector have evolved dramatically with the likes of key codes, two factor authentication, voice ID, behavioural analysis, one-time passcodes, protective messaging and digital fingerprinting.
Amazingly, the term “ransomware” was only added to the dictionary three years ago. In that time however, ransomware has increased dramatically in terms of the frequency of incidents and the range of methods used to conduct them. Let it be known that the attackers are extremely sophisticated. Once they have your data, who’s to say that your data will be given back or decrypted even if you pay up. Worse still what’s stopping them coming back to attack you again? The report found that once an attack is made, the bad actor will sell the details on to their associates to go after the victim again after deployment, because the payload can still be there, activated and deactivated.
2. Internal Threats
The report takes a look at the Verizon, 2020 Data Breach Investigations Report (DBIR) where it shows that ‘employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking’ the organisation. Now isn’t that terrifying? Misdelivery within the company, by which information has inadvertently been sent to the wrong person, stands tall as one of the most common issues when it comes to the notion of insider threats. Next time you forward an email or send one to the wrong person/recipient, click on the wrong mailing list, that’s a misdelivery. In the interests of fairness, misdelivery is almost always accidental and non-malicious, but the effects can be devastating. Especially if sensitive data is inadvertently shared to the wrong recipient.
3) App Developments
There’s an app for that. There really is. Apps in the investment and finance space have grown substantially in 2020 which is of course a good thing, as the ability to invest online is quick and easy, and accessible to all. But, with demand comes rushed development. Many of these apps were developed quickly and quite frankly are not ready for cyber-attacks. So that means no two-factor authentication, no protection from appropriate regulations, are not patched or maintained properly, and do not have contingency plans in place to mitigate the effects of a cyber-attack. What that means then is personal information of app users is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app is mirrored. Once the personal information is supplied, all the money involved (real and virtual) is up for grabs. And so begins the circle of ransomware life.
4) Third-Party Risks
Few organisations work on their own. Quite rightly too. Think about third parties that they use. Vendors, partners, email providers, service providers, web hosting companies, law firms, data management companies, subcontractors. The list goes on. They are all essential to business operations and a lot of these third parties share IT systems and even sensitive information through legal teams so it goes without saying that third parties may very well be an open backdoor into your financial systems for attackers to infiltrate.
Yep, even cyber crime has been affected by COVID. It is that unavoidable. Cyber criminals are continuing to target the financial sector even during the pandemic. There has been quite the spike in cyber attacks on banks, financial organisations and the third parties connected to them. Going back to simpler times before COVID-19, if an attacker wanted to sabotage a company or steal data, they would target the business itself. They’d aim their sights at the website, the social accounts, the logins and all their vulnerabilities. In response, organisations had counter measures in place. But now, you just need to target a single remote worker and the house of cards comes tumbling down.