By Anurag Kahol, CTO at Bitglass
In the Covid-19 era, cyber risks are ever-increasing. Not only has there been a massive acceleration of business and digital transformation, but the attack surface has also expanded rapidly due to the vast number of people working from home. Put simply, the pressure is on businesses to get a better handle on cybersecurity – and this is especially true of the financial services industry.
Cybercriminals go where the money is. And, whilst financial institutions may vary wildly in terms of the services they offer, one thing they all have in common is the high volume of personally identifiable information (PII) that they collect from customers. High-value data such as home addresses, financial histories and bank details are an extremely attractive target for cybercriminals, which is why financial services organisations must take significant steps to ensure it remains protected at all times. However, this begs the question, does the industry take its security responsibilities seriously enough?
In a recent pre-Covid study, Bitglass set out to uncover the state of cybersecurity within the financial services industry, compiling data from the Identity Theft Resource Center (ITRC) and the Ponemon Institute. They drew a wide range of insights about the financial breaches that occurred in the twelve months leading up to the pandemic – enabling us to reflect on the need to bolster cybersecurity in the Covid-19 era.
In total, only 6.5 percent of all data breaches that occurred in the 12 months leading up to the pandemic were suffered by financial services organisations – but that doesn’t tell the whole story. That 6.5 percent of breaches accounted for a massive 61.7 percent of all leaked records. This shows that while financial services organisations don’t suffer breaches particularly often, when breaches do occur, they tend to be much larger and more detrimental than those experienced by companies in other industries.
However, the number of breaches has rapidly increased during Covid-19. Indeed, between February and April 2020, cyber attacks against financial institutions rose by 238 percent, meaning the threat level has heightened considerably.
The biggest threats
As malware continues to evolve, it’s becoming increasingly difficult to detect and block. Consequently, the financial services industry must learn to defend against this ever-growing threat by deploying the right security tools.
Hacking and malware remained by far the biggest causes of data breaches in the financial services sector in the lead-up to the pandemic. They were responsible for 75 percent of all incidents (up slightly from 73.5 percent in 2018). Additionally, insider threats grew from 2.9 percent in 2018 to 5.5 percent in 2020, and accidental disclosures increased from 14.7 percent to 18.2 percent.
Furthermore, the Covid-19 coronavirus pandemic has prompted an acceleration in the adoption of cloud technologies by IT leaders worldwide, which looks set to continue for the foreseeable future. Unfortunately, for organisations that struggle with implementing proper security measures, rising cloud adoption will likely only exacerbate these threats. When proper security is not in place, cloud and mobile represent new attack vectors for threat actors.
Learn your lesson, before it’s too late
Maintaining proper visibility and control over data can be challenging – particularly when the appropriate cloud and mobile security solutions are not put in place. Global cloud adoption has reached 86 percent and bring your own device (BYOD) policies have found their way into 85 percent of organisations. Regardless, financial services organisations need to be more cognizant of how their data is being used. Unfortunately, some organisations are still not learning their lessons. Consequently, they are suffering from a worryingly high number of recurring breaches. Even highly reputable banks can be found at the centre of unenviable, record-breaking breach statistics: Capital One, for example, suffered four breaches in the last seven years.
A greater cost
The bad news for financial services organisations is that the cost per compromised record has been steadily increasing over the last few years, both for regular breaches as well as mega breaches (i.e. those affecting 100 million individuals or more). The 2019 cost per breached record for mega breaches is now much greater than that of average breaches, with figures standing at $388 and $210, respectively. Additionally, Ponemon notes that the cost per compromised record within financial services now exceeds that of all other industries with the exception of healthcare (which was $429). Technology came in third place at $183, while the public sector came in last at $78.
Whether it’s careless users, malicious insiders, evolving malware, advanced phishing schemes, or something else yet to be discovered, modern financial services organisations face an intimidatingly large number of threats – only accelerated by Covid-19. As guardians of some of the most sensitive customer data in the business world, it’s critical that they adopt a proactive approach to data protection and are properly equipped with the latest security technologies. Only then can they defend against the threat agents in the cyber world.