Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


By Ben Bulpett, EMEA Identity Platform Director at SailPoint 

Cyber security breaches of any kind remain a serious threat both in terms of financial costs and reputational damage. However, with lucrative assets at stake, it comes as no surprise that the finance and insurance industries have been the most attacked targets in recent years

The financial sector is generally known for having a high cyber security maturity level, to protect against criminals who have always sought financial gains. However, threats are continuing to evolve at pace, and the widespread disruption from the forced transition to remote work opened security and compliance gaps that many industries, including financial services, are still grappling with. As of January this year, the National Cyber Security Centre received over 10 million reported phishing scams. Globally, financial services accounts for nearly 40% of all phishing URLs. 

The workforce will always come with a certain risk level, but employees are unknowingly creating visibility gaps, leaving a trail of breadcrumbs for attacks to slip through corporate infrastructure. As the number of attacks continue to rise, it is critical that financial services organisations and their employees take steps to protect themselves, and their customers. Doing so requires an understanding of the tactics threat actors are using, and how to avoid playing into their hands. 

Seeking information online 


A cunning bad actor will stalk workers online to gather as much information as possible. Any information shared publicly on LinkedIn, Facebook, Twitter, or Instagram pages allows a cyber criminal to piece together a profile of the target. With nearly half of UK workers (47%) including their position and name of employer on their social media profile – some even sharing corporate emails (10%) for all to see – it is more likely that malicious actors will be able piece together a profile of their victims and strategize on who to target next.

While it is a common practice in many parts of the world to include work details on social profiles for networking and recruiting, it’s a stark reminder that unsavoury characters could be using this information in their next attack. Therefore, it’s imperative to be extra cautious about what is shared online; for example, include company and job title but leave out email addresses.


Using compromised emails and passwords 

Cyber criminals are using phishing scams to lure unsuspecting victims into leaking their organisation’s private information. But they’re also being given a head start in doing so. With a quarter of UK workers (25%) using corporate emails to conduct non-business related activity according to our research, for example social media logins and online shopping, there is a clear window for cyber criminals to find an ‘in’ to an organisation.


All it takes is one breach for this information to end up on the dark web forums, where it is bought and sold. To ensure a corporate email doesn’t end up in the wrong hands, employees should be encouraged to create a throwaway account to conduct non-business-related activities.


Impersonating CEOs and fellow employees 

Across the globe, workers are experiencing an influx of suspicious messages from top-level executives. This has been seen most recently with the FBI warning about a disturbing uptick in criminals exploiting virtual meetings to swindle organisations out of finances. In some cases, this went as far as hijacking video meeting accounts belonging to company executives in order to impersonate them and trick unsuspecting employees. 


Malicious actors try to get unsuspecting individuals to pay them through spoofing financial services—with this sector being one of the highest targeting by phishing. Therefore, it is imperative to be vigilant when sussing out if a financial request for details is honest.


Mitigating against attacks through training and technology 


Criminals rely on a culture of blame. Therefore, it is important that organisations ensure a positive, ongoing conversation with employees, that results in a deeper understanding of exactly how these incidents will impact both individuals and the organisation. Our research found that currently, almost half (46%) of UK workers say that they have not received any formal training or education about phishing. Cyber education must be moved to the top of the list for employee training – with this in place, employees can feel well supported and equipped to deal with phishing threats when they occur. 


Also crucial is the use of new technology, which can help mitigate against these type of attacks on the security perimeter in the first place. Cyber criminals often rely on using identities to try and trick organisations into thinking they are who they say they are. An identity security system can help organisations manage who has access to what, meaning access is permitted strictly on a need-to-know only basis – reducing the risk of sensitive information getting into the wrong hands. As well as this, it can also alert organisations to any user behaviour which is out of the ordinary and suspicious. 

Protection for the long term 

All roads lead back to phishing – and the revenues generated by the financial services industry make them a ripe target. With proper awareness, education, and the will to remain hyper-vigilant – together with the right technology in place – the financial services industry can ensure it’s well protected against cyber threats. 


Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts