Financial services are a major part of the UK economy and they’re under attack.
Criminals go where the money is, aiming to disrupt systems for ransom or to steal. It therefore makes sense that UK financial institutions are a key target, with billions of pounds of transactions made each day. However, it’s no longer as simple as attackers getting in, stealing data, and leaving. The techniques used have become more complex and multi-layered, mixing techniques and targets, and at the same time they’re coming from a wider range of bad actors – from opportunists with a set of downloaded scripts to advanced nation state attackers with significant technological backing.
Regulatory penalties make the cost of a data breach higher for financial services than for any other industry except the health and energy sectors. The 2020 edition of the annual IBM-sponsored Ponemon Institute report on the cost of data breaches puts the average penalty of a financial breach in the UK at over £3.12m, with the global cost averaging £4.68m – financial impacts that are only going up year-on-year.
More than half of those breaches are the result of attacks, a proportion that keeps growing. The attacks aren’t just against businesses; many target customers too, with 40% of UK consumers experiencing some form of fraud in 2019. Dealing with fraud is critical, as it can cause a long-term reduction in consumer confidence in financial services and, if not quickly recognised by the customer, can have a major impact on both their financial stability and their credit score.
Tracking the hacking
Part of the problem is that attacks can come from anywhere. Widely available malware toolkits mean that most attacks are by small criminal groups and opportunistic amateurs, not the assumed larger criminal organisations and nation state attackers.
As a result, over 25% of all malware attacks in 2019 were on financial services, with over 90% of those using one of four well-known techniques: SQL injection, local file inclusion, cross-site scripting (XSS) and OGNL injection. Attackers used distributed denial-of-service as a way of covering up other attacks, and ransomware to hide the traces of an intrusion. Defences can focus on these attacks, as they can be scanned for and protected against, significantly reducing risks.
Ransomware remains a high-profile problem, with a large currency exchange provider a recent victim of a major attack that required significant remediation, preventing operations and reducing consumer trust. However, like any industry, companies need to be aware of other common attacks, including malware like Kryptik and Emotet, techniques like BEC/wire fraud transfer, and supply chain attacks that can affect the hardware and software they use.
Key considerations for cybersecurity
A significant proportion of attacks are not direct but come through attacks on customers, consumers, and shoppers. Regulatory frameworks push financial services organisations to address this; but protecting their own networks and their interconnections with customers and other services remains key. We can protect the financial services industry by digitally transforming security.
A good place to start is the FCA Financial Services Cybersecurity Profile, which provides a template for risk management using standardised approaches. What it suggests is as much common sense as anything:
- We need to avoid false positives: it’s important not to be the boy who cried wolf
- Take advantage of machine learning-based security systems: speed up response by automation
- Cross-industry information sharing on attack patterns
- Hardening endpoints: put in systems to trap common attacks and protect users
- Develop trusted transaction tools, for example using closed consortium-based blockchains
- User education: help consumers understand smishing, trusted transfer attacks, and other common techniques
- Work with app stores and protection tools to spot and block fraudulent apps on devices
- Partner with established network providers to put security systems in place that will help block and detect common attacks
But what can be done to help protect financial services at a network level? As many direct attacks come via web applications, adding an up-to-date firewall to your network infrastructure is an important first step. This is best handled in partnership with a network provider. Similarly, content delivery networks and static web applications can reduce the risk of denial of service attacks, saving dynamic content only for interactive services and keeping attack surfaces to a minimum.
New entrants into the financial services market avoid the risks that come with legacy systems, but as they often mix and match off-the-shelf systems, there’s an added third-party risk. This is often balanced by their having a deeper technology background, which makes it easier to work with their partners to implement secure systems.
New regulations intended to open up markets also introduce new risks, adding new interfaces and more possible attack vectors to old and new systems. Any application platform for a new bank or for open banking needs to be secure, and again that requires defended and protected networks.
A network-first approach to security
With many possible attack vectors in financial services, it’s clear that incident response needs to be sophisticated. Attackers have changed tactics; destructive attacks are no longer for direct financial gain, but instead to slow down defenders or cover the tracks of an intrusion. As in other industries, what starts out as a virtual bank heist can turn into a hostage situation, with your data held for ransom.
Regardless of how these attacks are made, there is one common factor: attackers come in over a network. Your network providers are a key element in your defence, with the expertise needed to track and block attackers before they can reach your systems. Put your network provider at the heart of your incident response plan to help identify and avert possible threats, and you can keep the costs of any intrusions and breaches to a minimum. With that in mind, you need to ensure that you’re relying on a network provider with a deep security capability that aligns with your needs and has the tools available to prevent your data from falling into the wrong hands. The importance of choosing a network provider carefully couldn’t be more apparent in the current climate.