Denial-of-Service (DoS) attacks:
DoS attacks, including distributed denial-of-service (DDoS) attacks and DoS botnet attacks, are the most common types of scams affecting the financial service industry.
2 Cyber criminals flood a network or machine with traffic or send information to trigger a crash and deprive users, such as account holders of services.
Digitization:
Bank and financial service providers are increasingly engaging customers online or through mobile phones and Internet of Things (IoT) devices. But some network-connected devices are
not always secure.
Phishing scams:
A
Business Email Compromise (BEC) scam is one of the most common scams used to try to trick victims out of money and confidential financial data. A criminal gains access to a corporate email account and then spoofs the owner’s identity to defraud the company.
Cyber criminals:
The top external threat facing the financial services industry are cyber criminals (40%) followed by nation-states (18%), ‘hacktivists’ (16%), and business competitors (13%).
6
Financial malware:
With more than 1.2 million annual detections, financial malware is a huge threat and 2.5 times more common than ransomware.
4 In an earlier study, 75% of the top 20 U.S. commercial banks were infected with malware.
5Dated equipment:
Financial services firms are constantly incorporating new technology, systems and software into their operations, and legacy IT systems are often inherited from acquired organizations. But old assets, and stockpiling them, can make the organization vulnerable to attack.
Insiders:
In a recent report, 60% of respondents from the global financial industry cited privileged users as the biggest insider threat, followed by executive staff (48%) and contractors (38%).
6 Fraudulently transferring money, or using personal information of customers for identity theft, are examples of privilege misuse.
Negligent employees:
A lot of research has shown that
careless employees who don’t follow security policies are the biggest security threat in organizations.
7 By sharing passwords openly, carrying sensitive information unnecessarily and leaving mobile devices unattended outside of the workplace, they leave their organizations vulnerable to attack.
Third-party partners:
Many financial service providers depend on multiple vendors, partners and other third parties. Studies have shown that approximately 60% of Chief Information Security Officers (CISOs) express some concern about third-party security practices and risk of a data breach.
3