Financial sector remain prime target of cybercriminals2 min read
IBM’s X-Force Threat Intelligence Index revealed that 23% of cyberattacks are directed at financial institutions. The total cost of a single data breach involving a financial institution is the second largest among all industries – costing $5.72 million on average.
Another IBM study, “Cost of Data Breach Report 2020,” showed that 53% of data breaches are financially motivated, which explains why financial institutions are constantly on the cybercrime radar. In other sectors, malicious users focus on social engineering, credential stuffing, and application vulnerabilities. Meanwhile, in the finance sector, malicious users primarily compromise internal corporate networks.
“Organisations have to strictly authenticate both external and internal users to protect their corporate systems. Financial institutions suffer from internal actors who know the banking system’s inner workings, and state-backed hackers often target them. While cybersecurity automation today cannot guarantee holding off attackers, a reduced surface area can greatly lower the risk,” said Juta Gurinaviciute, the chief technology officer at NordVPN Teams.
Gurinaviciute reminded financial institutions to establish secure connections for employees and contractors to reach essential assets, minimising the cyberattack surface area. However, she warned that unconditional trust can be harmful if malicious users compromise the connection.
“Today’s authentication is based on a Zero Trust model, meaning that employees and contractors can only access limited resources for a defined period. Even if their connection is compromised in a supply chain attack, hackers won’t do much harm as they won’t reach the rest of the internal network,” Gurinaviciute added.
According to Gurinaviciute, organisations can also implement an additional security layer that filters the end-point devices and apps based on their IP address. For example, IP whitelisting (also known as the allow list) allows admins to create a set of trusted employee and third-party devices, providing access to the corporate network while complicating the onset of a cyberattack and limiting its surface area.
Companies can also remain resilient by implementing third-party solutions with a centralised control panel for an efficient addition of new devices and applications.