
2020 Top Five Financial Sector Security Challenges

Security measures within the financial sector have evolved dramatically, combining elements such as key codes, two-factor authentication, voice ID, behavioural analysis, one-time passcodes, protective messaging, digital fingerprinting, and so on. But, with more security measures in place, there are arguably more elements to infiltrate.

This week SecurityHQ released a white paper on the ‘Financial Sector, Threat Landscape 2020’. In this paper, and through an analysis of a real-life threat to a large financial client, their findings revealed the five top security challenges that the financial sector is currently facing, the risks of future threats, and how to spot these risks before it is too late.

Among other elements, five of the top challenges to the financial industry include ransomware attacks, internal threats, issues in app developments, changes in working due to COVID-19, and third-party risks.

Ransomware

In the three years since the term was added to the dictionary, ransomware has increased dramatically, both in the number of attacks and in the range of methods used to conduct them. Attackers are extremely sophisticated. Once they have your data, there is no guarantee that, if you pay them, your data will be given back or decrypted. There is also no guarantee that you will not be a target a second time around. Often, once an attack is made, the bad actor will sell the details on to their associates to go after the victim again after deployment, because the payload can still be there, activated and deactivated.

Internal Threats

According to the Verizon 2020 Data Breach Investigations Report (DBIR), ‘employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking’ the organisation. In fact, misdelivery within the company, by which information has inadvertently been sent to the wrong person, appears to be the most common issue within insider threats. Misdelivery can occur via emails forwarded or sent to the wrong recipient, by using the wrong mailing list, or via the wrong address on a paper document. Misdelivery is, more often than not, accidental and non-malicious, but the effects can be devastating, especially if sensitive data is inadvertently shared with the wrong recipient.

App Developments

Apps surrounding investment and finance have grown substantially in 2020. This, in part, is a good thing, as the ability to invest online is quick and easy, and accessible to all. But due to the demand, many of these apps were developed quickly and are underprepared for cyber-attacks. Many do not provide two-factor authentication, are not supported by the appropriate regulations, are not patched or maintained properly, and do not have contingency plans in place to mitigate the effects of a cyber-attack. As a result, personal information of app users is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app are mirrored. And, once the personal information is supplied, both real and virtual money is then accessible. Thus, the circle of ransomware ensues.

Third-Party Risks

These days, few organisations work on their own. The majority use third parties, including vendors, partners, e-mail providers, service providers, web hosting, law firms, data management companies, subcontractors and so on. With regard to many of these, from IT systems to sensitive information shared with legal teams, these third parties could easily be a backdoor into your financial systems for attackers to infiltrate.

COVID-19

Cyber criminals are continuing to target the financial sector amidst the pandemic. As a result, we have seen a spike in attacks on banks, financial organisations and the third parties connected to them. Before COVID-19, if an attacker wanted to sabotage a company or steal data, they would target the business itself: the website, the social accounts, the logins and all their vulnerabilities. In response, organisations had parameters set up for this. But now, you just need to target a single remote worker.

In response to these five threats, banks and financial institutions require tailored and sophisticated security to support their systems and people, and to defend against an onslaught of complex and aggressive cyber-attacks. Not only must security compliance within the financial sector be tenfold, but it is essential that security precautions evolve, to mirror the growing threat landscape.
