“The optimism is that many financial institutions were early adopters of a number of the latest and most modern cybersecurity defenses, which make businesses safer in the face of threats. This mustn’t be neglected when comparing ourselves to other firms,” said Phillips.
“Unfortunately, nevertheless, the threat landscape continues to shift. What we’re seeing is an increasing variety of more sophisticated and more specialized cybercriminals. They’re engaged in a dark race of innovation, focusing on better initial access, better tools for lateral movement, and more disruptive, developed types of ransomware and extortion that financial institutions need to grapple with.”
Phillips also highlighted the “problem of scale” that currently exists. Many criminal cyber groups specialise in building attack tools that can be picked up and monetized by other, less sophisticated criminals. One example is ransomware as a service (RaaS), a business model between ransomware operators and affiliates in which affiliates pay to launch attacks using ransomware developed by the operators.
Phillips told Insurance Business: “There’s also the difficulty of scale. Cybercriminals may not be very sophisticated, but they’re looking for every opportunity to make a fast buck.”
Resilience data shows that financial institutions often lag behind in email security controls, making them more exposed to phishing. Phishing was among the top threats to the financial sector in Verizon’s 2022 Data Breach Investigations Report (DBIR) and was the most-reported type of cybercrime in the FBI’s 2021 figures, with more than 300,000 complaints.
“With regards to business email compromise (BEC) attacks, it is important to emphasise that while some of the initial intrusion methods are the same, many cybercriminals have different motives,” Phillips said. “Some will attempt to trick employees into sending money directly, while others will try to obtain data to take advantage of opportunities to commit identity theft, intellectual property theft, or other privacy-related crimes.”
There are strategies that financial institutions can implement to better protect sensitive customer data and their own sensitive information. A key part of this plan, according to Phillips, is implementing best practices to address current threat vectors, as well as helping management better understand how cyberattacks on financial institutions are evolving and how to respond to them.
“FIs often go far beyond the fundamentals when it comes to cybersecurity, but certainly multi-factor authentication (MFA) is paramount in the financial sector, especially for privileged accounts,” said Phillips. “Advanced endpoint detection and response (EDR) technology that stops malicious files from spreading inside your network is also a critical investment.”
Resilience’s Chief Billing Officer urged FIs to double down on their cybersecurity efforts in three key areas, among them: privileged access management, to create security blocks and checks across the network; and practising restoration from backup, to ensure operational continuity after a business-disrupting cyber event.
One area where financial institutions “must continue to mature,” according to Phillips, is third-party vendor risk management. He said: “… who they depend on to fulfil their mission and serve their clients. Not only is ransomware directly attacking the FI, but major FI vendors are also under attack, putting the financial institution’s data and business at risk.”
Regarding vendor risk management, Phillips shared some recommendations. First, he said, financial institutions should create an inventory of their current vendors and the data those vendors have access to. Then they should categorize those vendors into risk tiers to understand which are critical to the mission, and identify those that control operations or data that would disrupt the business if compromised.
“It is also necessary to build risk due diligence into the vendor selection process,” adds Phillips. “Unfortunately, the financial sector relies heavily on third-party vendors to operate, so FIs often select vendors on price and features rather than scrutinizing those vendors’ cybersecurity posture and best practices. It isn’t until later that they realize what those vendors bring to the cybersecurity table, so building that due diligence process into the vendor selection process is very important.
“Financial institutions must also conduct ongoing oversight and monitoring of the high-risk vendors that are crucial to operating their business, closely monitoring systems and performance to make sure that vendors meet appropriate standards. They also need to have a remediation plan in place in the event of a security or cyber event.”