Thales Blog

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

November 14, 2023

Romana Hamplova | Data Security Expert

As we approach International Fraud Awareness Week, held 12-18 November 2023, it is crucial to take stock of the evolving threat landscape and the vulnerabilities that financial services organizations face. The security challenges faced by financial services organizations cannot be overstated. As the managers and custodians of financial assets and the data about them, they are under constant attack and increasing scrutiny from regulators. While cloud adoption has proceeded more slowly than in some industries, security teams within the financial services industry must secure environments whose infrastructure has become more multi-cloud and complex.

The Alarming Reality of Fraud

Fraud and cybercrime are pressing challenges for all sectors, including financial services. Fraud and cybercrime account for over 40% of all estimated crimes in England and Wales and affect more people more often than any other crime. The social and economic cost to individuals is estimated to be more than £4.7 billion annually.

In 2021/22, 61% of fraud incidents were cyber-related, as the Crime Survey for England and Wales (CSEW) reported. Organizations globally continue to endure staggering financial losses due to fraud, with an estimated 5% of annual revenues siphoned away by this pervasive threat.

Cybercriminals and fraudsters have become innovative enough to exploit the expanding attack surface of financial institutions and turn risks into threats. The latest edition of the Thales 2023 Data Threat Report, Financial Services Edition, explores the perspectives of 140 financial services respondents in 18 countries on the evolving threat landscape, the challenges and strategies in data protection, and infrastructure areas like cloud. The Report highlights the critical areas of concern that banking and financial executives must invest in to minimize the potential and impact of fraud and cybercrime.

Ransomware's Continuing Threat

Ransomware has become a significant concern for financial services, with 64% of organizations witnessing a surge in attacks. This figure significantly outpaces the 49% average across industries. Disturbingly, 35% of survey respondents report experiencing ransomware attacks, underscoring the heightened risks faced by the financial sector.

The ability of financial organizations to prevent and recover from ransomware attacks is vital. Using encryption to protect sensitive data and multi-factor authentication to protect against credential compromise are standard prevention best practices. A robust disaster recovery plan, bolstered by regular backups and staff training, is essential in mitigating the risks and potential financial loss of these attacks.

Quantum Computing and Blockchain Risks

The financial sector remains on high alert regarding quantum computing and blockchain vulnerabilities. This is crucial considering developments like Central Bank Digital Currencies (CBDC). For example, the European Data Protection Supervisor (EDPS) notes, "Lack of security might turn into severe lack of trust from users."

As a result, 49% express concerns about the risks associated with blockchain attacks, while 66% worry about network decryption of sensitive data. These figures surpass the global report average, emphasizing the need for enhanced protective measures against these emerging threats.

The Human Error Factor

Human error is a paramount concern for financial services organizations, with a staggering 79% identifying it as the most significant security threat, and almost a third of respondents considering it their top threat. This finding aligns with other reports, such as Verizon’s 2023 DBIR, which highlights that the human factor is involved in 74% of successful data breaches. To address this issue, financial institutions must invest in ongoing employee training, create a culture of cybersecurity awareness, and implement strict access controls.

Navigating the Cloud Maze

Multi-cloud environments are the new reality for financial services, with the average number of cloud providers now exceeding two (2.16) and growing 12% in the last year. A majority (74%) have two or more cloud providers. In addition, financial services organizations’ reported use of Software as a Service (SaaS) applications has expanded, with the average number of applications in use jumping 68% over three years, from 82 to 137. This expansion increases the number of endpoints where data must be secured.

As a result, securing data in the cloud is seen as more complex, a view that rose notably from 44% in the previous year to 55%. Efficiently securing data across a growing number of SaaS applications and cloud platforms demands a comprehensive approach that includes robust identity and access management and encryption protocols.

This is essential because cloud-hosted applications and cloud infrastructure are the primary targets for attackers. As 79% of financial organizations express concerns about the impact of cloud deployments on digital sovereignty, it's essential to align cloud security strategies with regulatory compliance and data sovereignty requirements.

Complexity in Encryption Management

However, the complexity of encryption management is a significant challenge for the financial sector. The report reveals that 63% of organizations have five or more key management systems. Additionally, only 46% of sensitive data in the cloud is encrypted on average, while more financial services organizations control all their encryption keys (21% versus 14%) than in other industries.

Simplifying encryption key management and increasing the encryption of sensitive data are priorities for financial institutions to enhance their data security posture.

Safeguarding the Future

The findings from the Thales 2023 Data Threat Report, Financial Services Edition, offer a sobering perspective on the cybersecurity landscape faced by the financial sector. Critical areas have positive trends, but much more work must be done. Financial organizations must prioritize robust cybersecurity measures to protect sensitive data, including investment in disaster recovery planning, blockchain security, and employee training. Simplifying encryption management and securing data in the cloud are equally paramount.

As we celebrate International Fraud Awareness Week, let us commit to defending our financial systems against the ever-evolving threat landscape. The challenges are formidable, but with proactive and adaptive cybersecurity strategies, we can mitigate risks and safeguard the future of financial services.

To gain better insight into the Thales 2023 Data Threat Report, Financial Services Edition findings, you can download it here.