Cybersecurity Imperatives for BFSI
Over the last few years, every industry has been a victim of cyber threats and attacks. Cyber risk is especially prevalent in industries that hold sensitive and confidential information. Some high-risk industries include banks and financial institutions, healthcare, corporations that focus on intellectual property, contract deals, and higher education. Boston Consulting Group reported that BFSI companies are 300 times more at risk of cyberattacks than others. While it is difficult to eliminate these risks entirely, players in the industry need to fully understand the challenges and improve their defenses to mitigate the risks.
Common Cyberattacks in BFSI
As banking and other financial institutions increasingly embrace digital innovation, they also face several risks and challenges that make these businesses vulnerable to attacks. Before focusing on the various types of cyberattacks, it is necessary to understand the current landscape of the industry and its driving factors:
- The pandemic forced changes to the workplace by taking several in-house digital tasks online. The dependency on cloud-based software increased, and new cyber risks and threats emerged.
- Financial institutions relied on IT infrastructure through digital innovations to introduce virtual financial services such as digital accounts, card-less transactions, and more. While this enhanced customer experience and accelerated usage of online banking services, cybercriminals leveraged the information stored/exchanged to threaten the safety of the customer data.
- With newer ways of banking, various regulatory bodies worldwide have established new rules to regulate financial services. There are more than 30 cybersecurity regulations in the US to prevent misconduct and misuse of customer data.
As technology actively evolves, financial institutions are still learning the lay of the land. However, this learning curve is being used as a mining ground for cybercriminals threatening these institutions through various cyberattacks. Some of them are:
Phishing Attacks
Phishing-as-a-service (PhaaS) has become a comprehensive business model where attackers use various methods to infiltrate the system. This includes using website hosting, phishing emails, and spoofed sign-in pages. Phishing attacks also include criminals impersonating representatives of institutions to trick users into clicking malicious websites, prompting transactions to gain access to their bank accounts. In September 2021, a new malware campaign called MirrorBlast was launched against financial institutions. This malware is spread through an Excel document attached to an email to gather intelligence.
Distributed Denial of Service (DDoS) Attacks
DDoS is gaining momentum among cybercriminals. In this type of attack, the website is flooded with traffic that affects business operations. When a banking institution is targeted by a DDoS attack, it can suffer heavy financial loss due to downtime. Experts also suggest that DDoS attacks are used as a distraction that consumes IT attention while attackers introduce malware or breach data on critical systems. According to Radware’s Threat Research team, there has been a 30% increase in DDoS attacks globally. One of the biggest DDoS attacks happened in 2021 when more than 800 German cooperative banks were affected by an attacker’s attempt to overwhelm the server with high traffic volumes.
Advanced Persistent Threat (APT)
APT is when a group of cybercriminals collaborate and attack financial institutions by sharing attack TTPs and tools. Through APT tools, criminals try to steal and encrypt data to extort money or cause further damage to the brand. Ransomware, data breaches, and malware are some of the common APT techniques used. In the U.S., an APT group used a backdoor implant delivered through a spear-phishing email to transfer large volumes of money into foreign bank accounts and to execute fraudulent transactions. According to the Trellix Advanced Threat Research Report, 37% of APT detections were found in the banking and financial sector in Q3 2021. Carbanak is one of the most popular APT groups that target the banking industry.
Global Regulations
Various global cybersecurity regulations support data security and improved data breach resilience. The most widely mandated regulations include EU-GDPR, ISO/IEC 27001, BSA, PSD 2, and others.
The SolarWinds Corp. and Colonial Pipeline Co. cyberattacks were some of the biggest cyberattacks in recent times. In the light of these events, the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) implemented a new rule that requires “banking organizations” to notify their primary federal regulator within 36 hours in the event of certain types of computer security incidents. This regulation came into effect on 1st April 2022, while BFSI players and their service providers must comply by 1st May 2022.
GAVS recommends taking preventive measures to curb cybersecurity threats and risks. Banks and other financial institutions must develop a comprehensive cybersecurity program to send alerts to regulators within hours of any cyber incident to comply with the new regulations. While this is a reactive approach that will help regulators prepare for better governance, organizations must also invest in cybersecurity solutions that will help detect, report, and mitigate cyber threats while maintaining the confidentiality of information systems.
With new regulations mandated by governing bodies, the first and foremost step in cybersecurity planning will be to formulate policies that address cybercrimes. These policies must include approval protocols, a procedure to back up data, and a list of unauthorized or high-risk applications or software. When these policies are in place, the next imperative will be education. All employees must be trained on taking customer calls, sharing confidential information, and clicking on emails from unknown senders. Financial institutions need to educate their customers since cybercriminals can use their accounts as a Trojan to enter the system. While these are the basic steps, banks must focus on advanced measures simultaneously. This would include using a firewall at every workstation and multi-factor authentication techniques such as facial recognition or fingerprint scanner to detect cybercrimes. AI-powered cybersecurity solutions and services are gaining popularity as a way to deal with the sophistication of modern attacks and to bring AI-led predictions and proactive remediation into the cybersecurity strategy.
GAVS for BFSI
GAVS is a trusted partner for several global banks and financial services companies. GAVS offers various cybersecurity services, including end-to-end services led by AI, round-the-clock monitoring for security events, Azure and on-premise workload protection, Red and Blue Team security capability, zDesk VDI/DaaS for secure, remote, anytime/anywhere access, and implementation and support services. For more information on how GAVS can address your cybersecurity needs, please reach out to us at inquiry@gavstech.com
References
https://www.upguard.com/blog/cybersecurity-regulations-financial-industry
https://www.finextra.com/blogposting/20387/the-state-of-cybersecurity-in-financial-services
https://www.theglobaltreasurer.com/2019/09/25/the-importance-of-cyber-security-in-banking/
https://www.byteacademy.co/blog/banking-cyber-security
https://constellix.com/news/how-banks-can-avoid-ddos-attacks-with-dns
https://www.trellix.com/en-us/threat-center/threat-reports/jan-2022.html#aptCountries