Skip to main content

Why is the financial services sector a top target for cyberattack and under threat like never before? With the UK’s Financial services firms – many of which are based here in London – reporting 819 cyber incidents to the Financial Conduct Authority (FCA) in 2018, up from just 69 incidents in 2017, an increase of more than 1,000%, this is a question clients frequently ask us.

Christine Lagarde, former head of the International Monetary Fund (IMF) and currently president of the European Central Bank (ECB), speaking in February of this year, attempted to give the threat some scale and scope. She said that, according to the European Systemic Risk Board (ESRB), the global cost of such cyber-attacks is estimated to be anywhere between $45bn and $654bn.

What’s more, she added, ‘There are multiple ways in which a cyber-attack that affected the balance accounts of a major financial institution could trigger a liquidity crisis, and they can quickly become systemic crises.’

With the global financial services industry continuing to be the target of choice for cybercriminals and facing a range of threats, it has become a ‘one-stop-shop’ for the perpetrators. That’s because it provides the essential funding the black economy and underworld want, as they can steal sensitive data to use to open fake accounts and lines of credit they need for survival.

So in this blog post we’re going to take a closer look at the cybersecurity threats the financial services sector faces. Read on and below you’ll discover:

Why financial services is a top target for cyberattack and where do the threats come from?

When considering why financial services is a top target for cyberattacks, it’s important to note is that the threat isn’t just aimed at the obvious targets such as the big consumer banks and building societies. According to the latest research by Finish security firm F-Secure, organisations working directly and indirectly with the global finance sector, including many London-based firms, are at risk, right from brokers and asset managers to insurance providers.

So when analysing how to protect your company from cyberattacks, it pays to know your enemy. The threats range from common script-kiddies (who don’t write malicious code, for example, but use existing techniques) and the organised crime organisations we mentioned above to state-sponsored actions.

State-sponsored threats are particularly insidious and disruptive as attackers see the global financial sector as a tempting target due to its importance to national economies. And state sponsored cybercriminal-in-chief is currently North Korea. The nation has been implicated in financially motivated attacks in over 30 other countries in the last few years.

What’s particularly worrying is that North Korea’s advanced tactics, techniques, and procedures (TTPs) have spread to – and are being duplicated by – other threat actors in the cybercriminal community.

What state-sponsored attackers and cybercriminals do have in common, is that they steal financial data to monitor the activities of specific individuals, as well as large international deals in key industries, to see if they can exploit opportunities in either.

What motivates financial services cyberattacks?

The above mentioned F-Secure report breaks down what motivates the various individuals, groups and states involved in cybercrime into three distinct groups: data theft, data integrity and sabotage, and direct financial theft. This an is important insight because once you understand why various threat actors might target your business, you can then more accurately measure your cyber risk, work out how to protect your company from cyberattacks and implement appropriate methods of protection.

For example, where the criminal’s motivation is to target your data integrity or sabotage, they will usually tamper with, disrupt or destroy systems using ransomware and distributed denial of service (DDoS) attacks.

In today’s ever-evolving threat landscape, researchers found that techniques to steal funds are undertaken in a range of ways from phishing to credential stuffing and across the spectrum of systems, including Swift payment operators, inter-bank payment switch applications and automated teller machines (ATMs).

More sophisticated threats include the use of distractive malware, supply chain compromises and customised TTPs created specifically for a particular target.

How to protect your business from a cyber attack – know the three key threats

What is Phishing

Nearly 200,000 phishing domains were discovered during an 18-month period from December 2018 to May 2019. Of those, 66% targeted consumers directly, with half impacting companies in the financial services industry.

What is Credential stuffing

This is a type of cyberattack where stolen account credentials, consisting of lists of paired up usernames (and/or email addresses) and the corresponding passwords, are used to gain unauthorised access to user accounts through large-scale automated login requests directed against a web application.

In the 18-month period mentioned above, there were an estimated 3.5 billion attempts to carry out credential stuffing attacks.

Criminals can make money by hijacking accounts in this way or reselling the lists they create. As such, we’ve seen a whole underworld economy develop to target financial services organisations and their customers.

What is DDoS

Criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of the above 18 month period, research uncovered more than 800 DDoS attacks against the financial services industry alone, with attackers targeting organisations at their weak points: their customers and their web applications.

You can’t afford to take your eye of the tried and tested threats

Despite the threat landscape continuously evolving and becoming evermore sophisticated, criminals are constantly recycling old attack methods. According to US tech business, Akamai, in their 2019 State of the Internet/Security Financial Services Attack Economy Report, 94% of all observed attacks against the sector came from one of just four well-known methods.

These are SQL injection (SGLi), local file inclusion (LFI), cross-site scripting (XSS) and OGNL Java injection. What’s more, these threats continue to be used by attackers years after patches to protect against them were issued.

Despite the fact that financial services sector businesses are becoming better at protecting themselves (and their customers) against these threats, you need to be able to detect, analyse and defend against intelligent, motivated criminals who are using multiple, simultaneous and near-constant methods of attack, techniques and tools.

So, should you be worried?

We think every kind of business, of every size, in the financial services sector, here in London and beyond, should know much more about how to protect your company from cyberattacks.

Look at what just some cybersecurity professionals in the industry have reported:

In a survey of 201 UK-based IT security professionals who work in the financial services industry, commissioned by virtualisation and cloud infrastructure firm VMWare, 90% of respondents stated they have to make compromises which could leave other areas exposed when protecting their organisation against cyber threats.

A newly released report by security firm AttackIQ reveals that 53% of more than 570 US IT security practitioners admit they do not know how well the cyber security tools they have deployed are working. And nearly two-thirds (63%) of them said they have observed a security tool reporting it blocked an attack when it actually failed to do so!

New technologies and the age-old threat

New technologies such as migrating to Cloud computing and implementing Artificial Intelligence (AI) promise a bright and more secure future for the financial services sector.

However, it won’t take the cybercriminal community long to catch up, so each technology has to be considered carefully on their merits and in line with the needs of your enterprise, your operations, your objectives today and tomorrow and, of course, your budgets.

Sadly, the weakest link in your cyber security chain is still most likely to be your people – no matter how inadvertently Cybercriminals and the threats deploy, they continue to exploit people’s mistakes, with the majority of security breaches remaining basic human error, sloppy security plus weak passwords and computers and devices left on and unprotected.

Key to how companies can protect against hackers is staff training, so here’s eight ways you can train your people to protect your enterprise from cyber criminals.

Don’t leave your cybersecurity to chance, leave it to us

We’ve been working with a wide range of small and medium-sized businesses in London’s financial services sector, from hedge funds and private equity firms to assent managers, since our formation in 2008.

Since then, we’ve become the financial service sector’s managed IT services provider and cybersecurity team of choice. We deliver a portfolio of best-fit, best-in-class solutions to keep your IT infrastructure, data, IP, confidential client information, application availability and business continuity protected.

So why not talk to the expert, experienced and award-winning team here at totality services? We’ve earned Five Star customer service ratings from TrustPilot, Feefo and Google and become the go to IT support team for London. Simply call us for a confidential, no obligation chat about your requirements.



Request a quote

If you’d like a quote, simply complete this form and we’ll get back to you. Alternatively, please call us on 020 3744 3105.