In 2023, cybercrime keeps generating news headlines, with villains inflicting trillions of dollars in damages globally every year. An ever-present threat to individuals and organisations, malicious cyber-attacks are increasing in number and sophistication.
What kind of organisation makes an attractive target? Any that holds valuable data, and is undergoing rapid digitisation, making their data more vulnerable through cloud adoption, and having users accessing from anywhere/anytime.
Banks and other financial institutions are right in the middle of that space. They offer criminals high impact and serious profit potential through their vast stores of sensitive data.
Recent data shows the financial sector experienced the second highest number of data breaches in 2022, globally, surpassed only by government.
According to the EY/IIF survey released early 2023, 72% of global Chief Risk Officers view cybersecurity in banking as the top year-ahead risk, based on survey data from 88 banks across 30 countries.
Remembering that in finance, trust is everything
Bank customers need to believe they won’t have their funds plundered by hackers or their identities stolen and on-sold to other criminals.
When an organisation is compromised, the risk of irreparable reputational damage is huge, on top of the risk to resources and the bottom line: mitigation is costly and time-consuming.
Cyber incidents can also lead to regulatory penalties or other legal action by customers.
In March 2021, 1.5 million customers of US-based Flagstar Bank were affected by a ransomware attack, with customer names, phone numbers, social security numbers and tax records stolen and published. The bank paid $5.9 million in out-of-court settlements after the incident. In June 2022, Flagstar disclosed a second data breach that had leaked the personal information of 1.5 million customers the previous December.
As institutions navigate the risks and challenges, it’s imperative they stay abreast of existing and emerging trends in online banking security. These five are most likely to cause the most harm to financial institutions in 2023.
1. Phishing
Emails are traditionally the most common form of phishing but today attacks have spilled over into text, voicemail and messaging platforms. Phisers use various channels of contact to attack but the common denominator is the manipulation techniques used to deceive individuals into providing sensitive financial information.
They may persuade the recipient to click links to a malicious site or open infected attachments. Interacting with the links or attachments triggers the installation of malware on the user’s computer system or loads a counterfeit web page set up to harvest login credentials.
Global consortium and fraud prevention group the Anti-Phishing Working Group recorded a total of 3,394,662 phishing attacks in the first three quarters of 2022. When criminals target a high-profile individual or organisation, it’s often called ‘whaling’.
Bank employees and customers are both at risk of phishing. Malicious agents may send customers emails that look like legitimate bank correspondence, hoping to steal financial information or login credentials; or they may target bank employees, again, to get customer credentials and gain access to an institution’s internal network. In all these instances, email addresses and domains are artfully disguised and the messaging can be very convincing.
Phishing, like all cybercrime, is evolving year on year. Often emerging financial technologies will have gaps in their armour that criminals are quick to leverage. One of the newest iterations exploits Buy Now Pay Later (BNPL) services as an example.