Written by: Megha Kumar, Chief Product Officer at CyXcel
When it comes to cybercrime, financial services are regularly in the firing line, with firms around the world losing hundreds of millions to attacks every year.
According to the IMF’s Global Financial Stability Report, almost a fifth of all reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial services organisations in the last two decades. Since 2020, those losses have amounted to an estimated $2.5 billion.
It is, of course, no surprise that financially motivated attackers should be drawn to sector players. Not only do they hold vast amounts of sensitive data and commercially sensitive assets, but they’re also responsible for significant funds.
That does have its merits. Rarely faced with restrictive budgets, financial firms usually have the capital to invest heavily in cybersecurity – something that’s become increasingly mandatory owing to regulatory obligations, such as the EU’s Digital Operational Resilience Act (DORA).
However, in today’s rapidly evolving cyber landscape, financial companies shouldn’t treat cybersecurity as a tick-box exercise or an administrative burden. Instead, it’s critically important that they remain proactive in the face of emerging threats, of which there are many.
Generative AI, automated malware and other evolving threats
Of late, we’ve seen a significant uptick in cybercriminals’ misuse of AI to develop increasingly convincing and targeted phishing attacks.
No longer is phishing limited to those obvious, typo-filled scam emails that most of us can spot a mile off. Today, threat actors are sending highly tailored, seemingly legitimate messages that are much more likely to trick people.
Some of the most alarming examples include AI-generated deepfakes designed to create convincing videos or audio clips that mimic trusted figures – from CEOs approving big payments to well-known personalities spreading false information. Yet it’s not just phishing that financial organisations should be concerned about, with AI also being leveraged by threat actors in a variety of other ways.
In the case of audio engineering, threat actors will use generative AI to create fraudulent voice imprints that can be used to breach biometric identification tools used by banks. Others, meanwhile, will deploy AI-backed malware variants, such as the BlackMamba variant, that continuously modify code to avoid traditional detection mechanisms.
In addition, we’ve seen examples of AI being used to accelerate credential stuffing and brute force attacks, allowing cybercriminals to test passwords at a rate no human could match. Threat actors are similarly now using algorithms to comb through huge data sets quickly, enabling them to rapidly identify valuable targets for theft and/or encryption.
Third-party risks and supply chain attacks
With traditional defences no longer adequate in protecting against such a novel cohort of evolving AI-backed threats, cybersecurity teams need to become more proactive and agile in managing and adapting their strategies. Yet that vigilance can’t just apply to their own internal systems.
Indeed, financial firms of today rely on a vast network of third-party providers, each of which is likely to have its own cybersecurity flaws or vulnerabilities.
It’s critical to be aware of these as an avenue for potential threats, with supply chain attacks being an evolving risk. Indeed, a recent 2024 Data Investigations Report by Verizon warned of a 68% surge in breaches resulting from supply chain attacks from 2023, with many threat actors actively looking to find ways to attack high-value targets via their digital suppliers and partners.
Today, it just takes one enterprise being compromised for impacts to cascade across hundreds or thousands of others, as we’ve seen with SolarWinds. When the US-based information technology provider was infected with malicious code, a routine software update compromised the systems and servers of more than 18,000 companies.
In response, compliance, risk and procurement teams must prioritise due diligence to manage this risk, mapping supply chains, conducting regular audits and adopting stringent third-party vetting and continuous monitoring. By 2025, Gartner estimates that 60% of organisations will use cybersecurity risk ratings to evaluate vendors.
Proactivity is the key to achieving adequate protection
In a threat landscape that’s only set to evolve, financial firms must find ways in which to fortify their own vulnerabilities and assess their suppliers and vendors to mitigate disruptive threats and safeguard sensitive data.
Gone are the days of threat actors being lone actors operating from an isolated PC in their basement or bedroom. Today, we’re dealing with major organisations and nation-state backed, advanced persistent threat actors that are actively targeting financial firms.
In North Korea, ransoms directly fund some of the country’s weapons programmes, with the attack against the Bangladesh central bank in 2016, where the hackers exploited the SWIFT system, being a prime example of nation-state backed hackers’ capabilities.
It’s a criminal industry underpinned by determined and highly specialised actors that have shown a remarkable ability to innovate. The Ransomware-as-a-Service industry operates a complex business model involving social engineering, credential theft, malware deployment and money laundering. Every day, new threats and tactics are arising.
For financial entities, it is therefore critically important to take matters into their own hands, ensuring they are proactive in making the necessary security preparations. Today, nothing less than incredibly robust defences and mapped-out resilience policies that are tested and reviewed on a regular basis will be adequate.