It should come as no surprise that the banking sector has faced a lot of challenges recently - but after a turbulent few years, it seems that banks are now more worried about cyber security threats than pandemics.
Yet, even before the global disarray sparked by the coronavirus pandemic, the financial sector was being rocked by a surge in cyber attacks.
Cyber incident reports from financial services increased by 1000% between 2017 and 2018 alone, and it was retail banks that were hit the hardest.
Why are banks a target for cyber attacks?
The financial sector represents a wealth of opportunities for cyber attackers. Firstly, banks are data-rich – with files that feature their customers’ personal and extremely sensitive information.
They’re also a reliable source of pay-outs for cybercriminals. The capital behind major retail banks is a prospect that is often hard to resist for cyber attackers, who know that leveraging the right information makes large ransom pay-outs much more likely.
Add to that the disruption caused by the COVID-19 pandemic, which has created a perfect storm of instability and uncertainty for cyber criminals to capitalise on, resulting in a 238% increase in targeted bank cyber security assaults.
However, evidence suggests that internal threats have the potential to be just as damaging to banks as attacks from external sources. Disgruntled employees and bank staff have been found responsible for 75% of insider attacks, leaking information deliberately.
With that in mind, what cyber threats should banks be prepared for?
Types of Cyber Attack to Expect
There are many attack vectors that cyber criminals – or employees – may use to steal and distribute sensitive data from the banking sector. Yet it’s clear that cyber criminals prefer one attack vector above all: email.
Business Email Compromise (BEC) is a rising threat in the email security landscape and one of the most financially damaging online crimes. BEC attacks use email fraud to prey on commercial, government, and non-profit organisations to achieve a specific outcome, often causing damage to their target institutions.
Examples of BEC attacks include invoice scams and spear phishing spoof attacks, which are designed to gather data for other criminal organisations.
Often presented as convincing emails from company leaders such as CEOs & CFOs, these emails make urgent requests for information from staff lower down in a company’s hierarchy, with the intent to abuse this information for the criminal’s own gain.
Ransomware was headline news in 2017 with the notorious WannaCry outbreak, which ran up costs of up to £6 billion across the globe.
Ransomware attacks involve sending a malware package as an email attachment which, once opened on a PC, can access your network and encrypt or lock up your data and connected devices.
From there, the criminals behind the attack have full control over your organisation’s data and use this power to blackmail businesses into paying out a fee for their data to be returned.
Insider Attacks can be just as damaging as cyber attacks from external sources and require a lot less effort on the attacker’s part. Whether deliberate or accidental, outbound mail is a highly effective vector for data breaches.
It could be the result of an extended period of social engineering, a disgruntled employee, or simply a mis-attached file. In any case, outbound email should be an area of focus for your bank’s cyber security measures.
How to Defend Banks Against Cyber Attacks?
There are many methods of email protection on the market, but for the banking sector it is vital to choose a security solution that is both effective and manageable on a large scale.
Barracuda’s Total Email Protection stack offers multi-layered email security which works automatically to identify and defend against malicious email attacks. The multi-layered email protection model uses a series of precise filters and technologies to ensure that your business is secured against inbound and outbound email threats.
The Barracuda Total Email Protection service includes Barracuda Sentinel, artificial intelligence software that analyses behavioural patterns within inbound and outbound mail to identify anomalies and potential email threats.
The Total Email Protection service also features the PhishLine email phishing simulation service, which is an effective and risk-free method of highlighting vulnerabilities in your human-layer cyber defence.
Would your staff be able to spot a cyber threat in their email inbox?