Blog

Cyber Attack: Biggest Risk to the Financial Sector

Cyber Attack: Biggest Risk to the Financial Sector

Analysis

Cyber Attack: Biggest Risk to the Financial Sector

Cyber risk has emerged as a key threat to financial stability, following recent cyberattacks in the financial sector. This article discusses major 2020 Financial Institution cyber attacks, different cybersecurity compliance laws, and if you’re a financial institution, how to protect your organization?

Cyber Attacks on Financial Institutions 2020

According to a report, Cyber attacks against the financial sector have increased 238% globally from the starting of February 2020 till the end of April.

In particular, state-sponsored cyberattacks targeting financial institutions are becoming more frequent, sophisticated, and destructive. Below is the table showcasing major 2020 cyberattacks in the financial sector.

InstitutionLocationMonth(Year 2020)Method/Type of Attack
European Central BankGermanyOctober 23Disruption
Vizom BankingBrazilOctober 19Malware
BetterSureSouth AfricaOctober 11Phishing
Japan Stock ExchangeJapanOctober 1Disruption
Hungarian BanksHungarySeptember 23DDoS
Russian BanksRussiaSeptember 23Ransomware
Chilean Banco EstadoChileSeptember 6Ransomware
CIH BankMoroccoAugust 28Skimmer
North Korean ‘BeagleBoyz’ Global CampaignWorld WideAugust 26Malware
New Zealand Stock ExchangeNew ZealandAugust 26DDoS
Experian South AfricaSouth AfricaAugust 19Data Breach
Canadian COVID-19 Relief FundCanadaAugust 15Theft
Dave Third Party Banking AppUnited StatesJuly 25Data breach
Twitter Accounts Hijacked for BitcoinUnited StatesJuly 15Theft
ArgentaBelgiumJuly 13Theft
Chinese tax softwareChinaJune 25Multiple
European BankEuropeJune 21DDoS
CoincheckJapanJune 4Data breach
Banco BCRCosta RicaMay 21Ransomware
Indian Mobile Banking AppsIndiaMay 14Malware
Norfund, Norway’s state investment fundNorwayMay 13Theft
dForce CryptocurrencyChinaApril 21Theft
Spanish BanksSpainApril 13Malware
South Korean and US Payment CardSouth Korea, United StatesApril 9Theft
Monte de Paschi BankItalyMarch 30Data breach
Square MilnerUnited StatesMarch 25Data breach
FinastraUnited KingdomMarch 20Ransomware
Australian BanksAustraliaFebruary 25DDoS
PayPalUnited States, GermanyFebruary 21Theft
Sub-Saharan African BanksAfricaJanuary 2Malware

Among cyber attacks in the above table, fraud and data breaches are more prevalent, yet business disruption is also significant. As per the ORX News dataset

In the Financial Sector cyber-attacks- fraud accounts for 43% of events, data breach 34% and disruption 23%. 

While business disruptions are known immediately, the other types of cyber-attacks can take place for months or years before being noticed and reported, which could lead to a downward bias in the dataset.

Data on cyber risk is notoriously scarce, since there is no common standard to record them, and firms have no incentives to report them.

Major Cybersecurity Compliance Law

United States

In the U.S.the current SEC guidance explains how and when firms should disclose the information to investors. However, there is scope to provide a framework to report cyber-attacks, which could better address existing data gaps.

Europe

In the European Union, the General Data Protection Regulation (GDPR), requires firms to report breaches to the competent supervisory authority within 72 hours. Failure to comply with the reporting requirements could lead to fines up to EUR 20 Mn or 4 percent of global annual turnover (whichever is higher).

Recent PSD2 rules modifying cashless payments have entered into force and are applicable throughout the EU, as well as within the EEA. Only payment services that comply with PSD2 could be used for purchases made on the Internet using bank cards. Those who will accept cashless payments will have to require two-factor authentication, thus making cybersecurity stronger.

The financial sector is highly exposed to cyber risk, across all types of countries. The below image shows the cross-country heterogeneity regarding cybersecurity, with most Advanced Economies and Emerging Markets having a high value of the cybersecurity index (above the median), while middle-income and low-income countries tend to have lower values.

Cyber attack and financial sector - country wise

Sources: Factiva; and author’s calculations

According to a report among financial institutions, banks account for the bulk of the attacks (91 percent of the attacks), followed by insurance companies (7 percent). Among banks, retail banking activities (39 percent of the total) and credit card services (25 percent) were the main business lines targeted.

How can financial organizations protect themselves from cyber-attacks?

With the proper cybersecurity measures, financial organizations can avert themselves against probable cyber-attacks. This includes:

  • Undergoing periodic vulnerability assessment and penetration testing on a regular basis.
  • Limiting administrative access to only those employees who have an actual requirement.
  • One of the most effective methods to enhance cybersecurity is to conduct cybersecurity awareness and training for employees on a regular basis with the help of a security attack simulator and awareness tools. 

With proper adoption of the above cybersecurity measures, organizations become better at defending themselves against every possible cyber threat and thus protect their cyberinfrastructure.

RCDevs in Cybersecurity for Financial Sector

RCDevs Security Solutions is an award-winning security company based in Luxembourg. We offer a broad variety of affordable, secure, and reliable cybersecurity solutions for the financial sector such as:

1)PSD2 Secure Transaction

RCDevs OpenOTP can help you meet the PSD2 requirements while at the same time make your business processes more efficient and user-friendly.

Some of the features include:

1)Compliant with PSD2 SCA and Dynamic linking requirements.

2)One solution for multi-factor authentication and secure transaction approval.

3)Online communication using end-to-end encryption.

4)Offline communication using encrypted QR codes when the phone does not have a network connection.

2)RCDevs Security ecosystem

RCDevs Security Platform is a self-sufficient Enterprise IAM solution that relies on your ActiveDirectory/LDAP user stores and provides fine-grained access policies for all your applications.

Our federation solutions provide enterprise-grade SSO features combined with multi-factor authentication.

3) E-Signature Solution

E-Signature Solution

Sign in the Cloud or On-Premise with OpenOTP Server. RCDevs’ e-signature solution i.e. YumiSign will be an add-on to your security solution in the Financial sector.

Click here to download the solution and use it free for up to 40 OpenOTP users.

en_USEN