The Banking Sector has become increasingly dependent on online banking and has been incorporating it into daily transactions. While this has generated a multitude of profits for banks, it has also posed new security challenges. Cybersecurity in the Banking Sector is gaining more importance with each passing day!
Cybersecurity in the Banking Sector is the process of protecting the assets of the bank, the customer information and the bank’s resources. Cybersecurity attacks on banks cost a lot in terms of time and money, not just as a result of the cyberattack, but also from aggrieved customers or regulations set by the state.
In this article, we will see how technology and the online world benefited the Banking Sector, the challenges faced by this sector regarding cybersecurity, as well as examples and statistics regarding cyberattacks on this vital sector.
How technology evolved in the Banking Sector
Despite what many might think, Banks, and the financial system as a whole, have been using cybersecurity for the protection of data, operating systems and all their transactions, in an attempt to fend off cases of fraud or identity theft.
In this regard, the global cybersecurity market is estimated to reach $345.4 billion by 2026, according to Statista. So it’s only expected that the importance of cybersecurity in the Banking Sector will increase in the future.
Despite continuous growth over the years, a visit to the bank was always a dreaded errand, where you had to stand in a long queue and wait for hours. Technology helped polish this image of banks and financial transactions. Here are some of the many ways technology was beneficial to the financial sector in general, and to banks in particular.
1. Everything is one touch away:
As we can now order almost everything we want online, similarly, you can perform all the operations you once needed to go to the bank for, at the comfort of your home. You can check your bank account, and your balance, pay bills, pay for a purchase or make a deposit. This development has reached as far as the ability to create an investment certificate, wherever you are in the world.
This technological advance is facilitated using Multi-Factor Authentication, which is the most popular way of verifying that it’s actually you making these financial changes to your bank account. Multi-Factor Authentication can use two ways to authenticate your identity. The first is through sending you a text message with a code to verify it was you making the changes. The other way, which is more secure, is through using an OTP (One Time Password) application set by the bank, to verify the changes.
2. Less Room for Human Error and Better Protection of Data:
When banks were all dependent on paperwork and the skills of their employees, the room for error was massive. No matter how focused you are, you will miss something at a given point, and when it comes to financial transactions and data, the smallest detail is as important as the big ones.
The introduction of technology in the form of computers helped reduce the possibility of error to almost zero, which is staggering. Another merit of introducing computers was the better protection of data, which was once obtained easily through stealing some papers. Now, a cybersecurity system, supervised by trained security officials, helps protect data from any possible cyberattack.
3. Enhancing Customer Experience:
The old banking systems required you to head to the bank, by yourself or through someone you’ve legally authorized, to perform any monetary transaction or operation, no matter how small. You also needed to fill in and file a lot of paperwork and stand in a long queue for a long time; it might even take your entire day. Sometimes you didn’t even get to finish what you went to the bank for.
Today, however, you can finish a multitude of bank-related tasks and operations, all hassle free. This also reduced the amount of time you would’ve needed to spend at the bank, all due to the development of Internet Banking and Mobile Banking Applications. Each bank has its own banking application where you can securely perform all these financial operations.
While this saves you a lot of time, it also benefits the bank. Since the bank works to facilitate your banking experience, it also works to achieve customer satisfaction. Hence, boosting the bank’s reputation and attracting more customers. It’s a win-win situation.
4. Using Business Intelligence to Boost Profitability:
Business Intelligence was a strategy system that was recommended to be used by banks all over India. This system had a database of past, current and possible future trends, which allowed the banking systems the ability to forecast the evolvement of the financial sector and make decisions based on such evolvements.
BI eventually helped banks make better decisions when it came to increasing the profitability, productivity and efficiency of their business.
The Effect of Cybersecurity in the Banking Sector
The Banking Sector, like all society sectors, benefited greatly from technological advances. Constant improvement in the field of cybersecurity has also served the banking sector, and continues to do so, such as in the following cases:
1. To Monitor and Prevent Fraud:
Personal information is the key to gaining access to someone’s bank account. When customers use their bank account to perform any monetary process or use one of the bank’s services, they develop a certain pattern, almost like a distinguished fingerprint. Banks are working to increase the integration of using machine learning algorithms, which identify each customer’s banking fingerprint.
If a hacker obtains the personal information of a customer and uses their bank account to transfer money to themselves, or uses it for other seemingly legal but suspicious activities, the algorithms are able to detect this false activity and alert the bank of the breach.
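A small sketch of the "banking fingerprint" idea described above. This is an added example, not code from the original article or from any bank; the features, thresholds, decision policy and transaction history are all assumptions constructed for illustration.

```python
# Added example: per-customer behavioural baseline with constructed data.
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Txn:
    amount: float   # account currency
    hour: int       # local hour of day, 0-23
    payee: str
    country: str


class Baseline:
    """The customer's 'fingerprint': what their past transactions look like."""

    def __init__(self, history):
        amounts = [t.amount for t in history]
        self.median = median(amounts)
        # Median absolute deviation: one large but legitimate payment in the
        # history does not stretch "normal" the way a mean would.
        self.mad = median(abs(a - self.median) for a in amounts) or 1.0
        self.payees = {t.payee for t in history}
        self.countries = {t.country for t in history}
        self.hours = {t.hour for t in history}

    def deviations(self, txn):
        """Return the ways in which txn departs from the baseline."""
        reasons = []
        # 0.6745 rescales the MAD so the ratio reads like a z-score.
        robust_z = 0.6745 * (txn.amount - self.median) / self.mad
        if robust_z > 3.5:
            reasons.append("amount far above usual")
        if txn.payee not in self.payees:
            reasons.append("new payee")
        if txn.country not in self.countries:
            reasons.append("new country")

        # Circular distance, so 23:00 and 01:00 count as two hours apart.
        def gap(h):
            d = abs(txn.hour - h)
            return min(d, 24 - d)

        if all(gap(h) > 2 for h in self.hours):
            reasons.append("unusual hour")
        return reasons


def decide(baseline, txn):
    """Hypothetical policy: one deviation is ordinary life, several are not."""
    reasons = baseline.deviations(txn)
    if len(reasons) >= 3:
        return "hold", reasons       # block the payment and alert the fraud team
    if len(reasons) == 2:
        return "step_up", reasons    # ask for an extra authentication factor
    return "allow", reasons


# Constructed history for one customer (not real data).
HISTORY = [
    Txn(42.10, 9, "grocer", "GB"), Txn(18.75, 12, "cafe", "GB"),
    Txn(63.00, 13, "utility", "GB"), Txn(25.40, 18, "grocer", "GB"),
    Txn(51.20, 19, "utility", "GB"), Txn(30.00, 10, "cafe", "GB"),
    Txn(47.80, 17, "grocer", "GB"), Txn(22.35, 12, "cafe", "GB"),
]
BASELINE = Baseline(HISTORY)

if __name__ == "__main__":
    samples = [
        Txn(39.99, 12, "grocer", "GB"),          # routine purchase
        Txn(45.00, 23, "bookshop", "GB"),        # new payee, late at night
        Txn(2400.00, 3, "acct-unknown", "XX"),   # everything is off
    ]
    for txn in samples:
        print(txn, "->", decide(BASELINE, txn))
```

Valid credentials do not help the third transaction: it is held because the behaviour, not the login, fails to match the account owner.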
2. The Security of Payments:
One of the most common ways hackers use to try and obtain the personal information of bank customers is by sending them a fake email, from their bank, asking them to verify their information by either clicking on an attached link or to provide the credentials they use in their banking operations.
If the customer falls for the fake email, the hacker will then have a copy of their personal information or bank credentials and they can use it however they want. For this reason, the existence of anti-phishing protocols or tools for protection against phishing as a part of the cybersecurity system of the bank is vital. These protocols or tools allow the bank to protect its customers by keeping track of these bogus emails.
3. Identification of Compromised Devices:
The evolvement of online banking gave everyone the ability to access their bank account in the comfort of their home, using their computer or even mobile phones, since some banks have developed a mobile application for ease of access. It’s not very often you find the internet network at home as secure as it might be on the bank’s end. This provides an easy door for hackers to slip through.
The detection of the hacking of a customer’s bank account might be tricky if it happened through the home network of the customer. The bank will need to use tools of Threat Intelligence to be able to keep track of the activities on the end of the bank user, if any suspicious activity takes place.
4. Retrieving Data:
When conducting monetary processes through their bank account, the user must provide certain information to verify their identity, like the account numbers or even a PIN code. In this regard, banks need to always stay alert for the theft of any credentials and be able to spot such behaviour, to prevent illegal access to the customer’s bank account.
Here, the use of methods such as Multi Factor Authentication comes in handy, where the bank requires the bank user to enter a code sent to them via text message. Even though hackers found a way around using MFA, a more secure method was developed, and it is called an OTP or a One Time Password, sent to the user via a separate application developed by the bank and installed on the user’s phone.
5. Tools for Data Protection:
Money is the direct prize that hackers gain when they breach a person’s bank account. However, a bigger prize is that these hacked accounts can lead the hackers to sensitive company data. A hacker who is able to breach a bank’s cybersecurity system has the ability to steal corporate, financial and personal data.
If a bank’s data system is infiltrated, stealing money will be the least of the bank’s problems. Identities will get stolen and even worse, the hacker can leverage the data and ask for money in return. This is why it’s important for the banks to use the proper methods for storing and protecting their data, such as using blockchain to decentralize data by dividing it into many pieces, stored in different nodes.
Why is Cybersecurity important in the Banking Sector?
In the past, money only needed to be protected physically, by appointing alarm systems and able security personnel. Today, however, the threats to money have taken up another dimension; a cyber-dimension. Here’s why the Banking Sector needs cybersecurity:
1. Preventing Financial Losses:
The information of millions of people is stored in the bank’s system and any breach of this system can result in a horrible outcome. On the other hand, if a hacker is able to gain access to your bank account, they will easily drain your account of any money, and even if you are able to regain access to your bank account, it’s almost impossible to recover the stolen money.
In the event a hacker was able to access your bank account, banks follow one of three ways to handle such a problem:
- The bank will pay you the amount of money stolen from you, as compensation.
- The bank will freeze your account indefinitely.
- The entire branch of the bank, where the fraud or theft took place will be closed.
The first two options can be damaging to the bank, since paying money as compensation can be costly, while freezing clients’ accounts will eventually lead to losing clients. To avoid the occurrence of fraud from the beginning, banks use technological advancements such as biometric authentication and AI to lower the risks of fraud and cyberattacks, eventually leading to the security of financial transactions.
The implementation of such protective measures will also increase the trust customers have in their banks and boost the bank’s reputation as well.
2. Protection of Consumer Data:
Data has always been the ultimate goal behind any cyberattack, no matter the means used. Banking systems are the keepers of data regarding billions of people around the world, and the protection of this data and the customer transactions must be at the top of the agenda of any banking system.
The threats to consumer data are endless, such as:
- Identity Theft:
This happens when the attacker attempts to change the personal information of the victim and later uses it to access their bank account or to access any data of the victim that they can use to obtain illegal gains.
- Phishing:
The most popular version of phishing is using malware, including malware-infested emails, text messages, links and even websites. Using any of these channels, the attacker will make the website or message look as official as possible, to lure you in. The result is the theft of your personal information, including social security numbers, banking information, credit card information and the list goes on.
- DoS (Denial of Service):
Denial of Service attacks aim at disrupting the services offered by the website of a certain organization. This works by flooding the network of the organization with so many requests that the network gets jammed and eventually breaks down due to overload.
- Pharming:
Instead of directing you to the website of the organization or service you want to access, Pharming will redirect you to a fake website where the hacker can steal your data easily. As you enter your credit card information or payment information on this fake website, you give the attacker access to your data. Hence, this form of cybersecurity attack doesn’t only put your data at risk, but also your finances.
All these possible cybersecurity attacks use the personal information of the victim to also obtain personal illegal gains. However, such stolen personal information can also be used for many other purposes, such as leverage and political wars for example. Organizations such as Citigroup began using biometric authentication for all the customers from the US.
3. Preserving the Bank’s Reputation:
Due to the sensitivity of the dealings inside banks, with regards to both data and money, banks always had strict protocols and regulations to follow, which at the beginning wasn’t something encouraging when adopting new technologies. This changed with the increase in cybersecurity attacks on banking systems, so banks had to move quickly to keep up.
A cybersecurity attack might instantly affect the bank’s finances, but it will also hurt the bank’s reputation in the long run, especially if there were repeated attacks. The cybersecurity giant Kaspersky conducted a survey of customers in the UK, the US, Germany and India, which resulted in more than 94% of the customers saying if their data was harmed or got into the wrong hands, they’ll definitely change banks.
Sixty percent of those surveyed also stated they take a long time before deciding on a bank to work with; this hesitation was driven by fear of getting their data stolen. A Comparitech report in 2020 used the scores of cyberattack vulnerability to determine which countries were cyber safe. Japan came first, followed by Ireland, Germany, Sweden and Denmark.
This is why adopting new technology such as AI and data encryption is vital to the life of a banking system.
4. Avoiding the Implementation of Penalties due to Non-Compliance with FDIC:
The protocols and regulations that banks must follow are set by the Federal Deposit Insurance Corporation. Failure to comply with these regulations can result in serious penalties, such as fines, being imposed upon the violating bank; the penalties can even result in the permanent closure of the said bank.
Some of the previous penalties imposed by the FDIC included:
- Payment of $1 million for a single violation.
- In cases of severe violation, imprisonment for a year.
- Ratification of the violations of the contracts.
The penalties are so severe since they aim to protect customer data, finances, the bank and the financial sector as a whole. So, it only makes sense to seek the protection of a good cybersecurity system. In this regard, some FinTech companies use blockchain technology as one of the many solutions of cybersecurity, all to help in elevating the bank’s protection standards.
Other financial institutions seek the help of blockchain developers to benefit from this technology. Blockchain technology can assist in providing protection for the financial systems, such as:
- Blockchain allows financial institutions both to follow the regulations of the FDIC and to avoid getting fined by them. The technology helps do that by allowing the financial institutions to store all their clients’ sensitive information in a decentralized database.
- The use of blockchain gives the banks the opportunity to share information regarding their clients without putting their identity or security at risk. This particular point will help in preventing fraud, identity theft and money laundering attempts in the future.
- Integration of blockchain in the bank’s system allows the creation of an efficient system for preventing security breaches, most notably phishing attempts, Man in The Middle attacks (MITM) and Distributed Denial of Service attacks (DDoS).
- The use of encryption technology in blockchain means it is more secure than the regular protection systems, which also means blockchain is almost impossible to hack. On another note, the decentralization of blockchain makes it more secure than regular databases.
- Blockchain stores information by splitting sensitive information into several pieces and then storing them on different nodes, which leads to the decentralization of the whole system. In this regard, if the hacker succeeded in attaining a single piece of information, they won’t be able to have a complete puzzle of information to misuse.
5. Service Digitization:
The digitization of services in the banking sector helped raise customer satisfaction through facilitating how customers obtain the services. However, this satisfaction is at a high cost, being the nearly constant threat to data and finances from hackers.
Some of the services facilitated through digitization include:
- Customers are able to get their paychecks in mere days, due to direct deposits.
- You can use your e-wallet to get whatever you want online, whether to buy groceries or even buy shares in a certain company.
- If you’ve got an internet connection, you can use your bank account to transfer money, not only inside your country, but to another country as well.
The increase in digitizing banking services naturally led to a lot of spending on the continuous upgrade of the banking system. This means that the bank incurs huge costs for the upgrade, but doesn’t get any revenue or compensation in return. The reason for this mainly being that customers rarely need the help of the bank’s personnel anymore, as they’ve mastered how to manage their accounts themselves.
The way to give back to the bank for the investment in service digitization is by utilizing the tools of cybersecurity to provide the best protection for all the sensitive information and finances held by the bank.
What are the cybersecurity challenges faced by banks?
There are many challenges banks face when it comes to cybersecurity, such as:
1. Mobile and Online Banking:
The introduction of online banking facilitated how individuals access their banking data, anywhere and at any time, as well as making available many services that were only once offered at the bank premises. If the bank has set up its cybersecurity network to protect client data and safeguard the bank’s information network, a threat is still imminent from the other end.
While access to your bank accounts from a computer can still be secured by installing protection software, more people are using their mobile phones to access their bank accounts. Mobile phones are not as secure as computers, since protection software is rarely installed on them. Not to mention, mobile phones are easier to hack, giving easy access to your banking information.
Not only must you use the trusted mobile application of your bank, but it would also be better to install protection software on your mobile phone if you use it very often to access your bank account.
2. Balance between Security and Convenience:
The security measures set by any bank must balance two main components, security and convenience. If the security measures of the bank are not adequate, this can easily lead to data breaches and theft, which will lead the customers to switch to another bank. On the other hand, if the security measures are too strict or complicated, customers will most likely switch to other banks with more leniency.
The inconvenience of the security measures of the bank will put extra costs on the bank in order to upgrade or change its security measures. This means the hiring of more personnel, hardware and installation of software.
3. Multi-factor Authentication:
Multi-factor Authentication was like a revolution in the banking sector, in particular. This is because MFA easily facilitated the processes of online banking and allowed individuals to make transactions, pay bills and transfer money, all using their bank’s online system or mobile banking application, just to name a few.
The challenge with MFA is that many of them are based on either phone calls or text messages. These text messages, for example, are not encrypted, rather they are sent in simple text. An automated Man in the Middle Attack can intercept this text message, hence gaining access to the victim’s bank account by entering the authentication code.
4. The Effectiveness in Managing Risks of Breaches:
The bank might have one of the best cybersecurity systems in place, but this doesn’t mean that hackers can’t or won’t stop until they’ve found a way to get around it. In order to avoid any compromise to their cybersecurity systems, banks must always test these systems, check for any vulnerabilities and apply any recommended or possible updates to the system. The banks must also seek to implement the latest technologies in the field of cybersecurity, to tighten the grip on hackers.
5. Breach of Third-party Data:
Hackers are constantly coming up with new ways to breach the defences of banking systems. One of the most recent doors opened for hackers is through both the shared banking systems and third-party networks, which the hackers are using to perform their attacks.
A cybersecurity plan for the shared banking system is inevitable in order to provide protection for the transactions and banking services used by individuals. A cyber security breach to the data network will cause a major breach that will result in the leakage of sensitive data, regarding clients as well as organizations and could result in a national threat as well.
6. The Financial Impact of Breaches:
While the immediate damage resulting from a hacker obtaining the banking information of a certain person, is to the victim, there’s also a huge impact and damage to the bank. The data which the hacker was able to obtain, can be used in stealing money, for a more direct purpose, but can also be used for numerous illegal activities.
This also applies to the case when the hacker is able to crack the cybersecurity system of the bank and acquires possession of sensitive information. Such a security breach can lead to many lawsuits filed against the bank and can even result in the changing of the applicable government regulations.
All these extra costs, to defend themselves in the lawsuits, pay compensation and even to change procedure protocol to put the new regulations into action, mean the bank will incur massive costs to pay for all of this. This will have an overall bad effect on the profit margins of the bank, since these additional costs get deducted from the bank’s revenues.
7. Cryptocurrency:
Since the invention of cryptocurrency back in 2009 and for the following ten years, there have been major cybersecurity attacks on many cryptocurrency-related services, such as crypto-exchanges, including malware, phishing and even targeted attacks. These attacks were mainly due to the lack of cybersecurity protection provided to the decentralized currency markets.
Cryptocurrency is protected through the use of crypto wallets as well as blockchain technology. Outside these two avenues, it’s nearly impossible to apply the cybersecurity of the banking system to cryptocurrency, which leaves many gaps in the protection of this new currency. These gaps leave many doors open for hackers to steal the coins and make illegal profits off the market increase.
8. The Evolvement of Cybersecurity Threats and Vulnerability Points:
Technology is not only evolving in the field of cybersecurity in all sectors, but it is also evolving when it comes to the methods hackers use to undertake cyberattacks. This naturally results in the constant updating of the cybersecurity system of the bank, to keep up with all software and technological advance regarding that security system.
In addition to working tirelessly to keep up with the evolving hacking methods, banks spend a lot of money and time to hire extra personnel, installing new hardware and updating software. This takes a huge chunk of the bank’s revenues to keep up with the evolvement of cybersecurity threats and vulnerability points.
9. Banks Must Invest in New Technology:
Unfortunately, no matter how quickly banks adopt all the new technological advances, they can still be one step behind hackers. This is mainly due to the time hackers have on their hands; they work day and night to find loopholes and vulnerability points through which they can hack a bank’s system. The more time those hackers have, the more likely they are to succeed in their hacking attack.
Banks have been known to be rigid when it comes to adopting new technology, most probably because of the complicated and lengthy protocols and regulations they need to follow in almost every process they undertake. However, banks will need to step up their technological game and adopt the new cybersecurity technological advances firsthand.
Most common cybersecurity attacks on banks
While the density of cybersecurity attacks differs year after year, some forms of attacks remain constant, while the danger of others increases significantly. Here are the most common cybersecurity attacks that are expected to continue into 2022:
1. Ransomware:
Ransomware is one of the most used and annoying methods used by attackers. This is where the attacker locks organisations out of using their data and demands a ransom in exchange for giving them access again. If the institution doesn’t have a backup of its data, such a security breach will result in crippling the business and will lead to unquantifiable losses for the institution.
Even though some organisations can pay the requested ransom, that doesn’t guarantee the safe return of their data; in many cases that doesn’t happen.
2. Cloud Cyberattacks:
Hackers are upping their game to keep up with the increased use of the cloud for storing and managing data, resulting in an increase of attacks on cloud systems. The best way to protect clouds is by ensuring their security infrastructure is well defined and configured.
3. Remote Working:
With the third year of the Covid-19 pandemic underway, there are more people working from home, and businesses, including the financial sector and banks, are beginning to rely more on the cloud to store and manage data. Since the data of these businesses is no longer stored on regular systems or networks, new vulnerabilities are created for them.
4. Supply-chain Attacks:
This is one form of attack that is becoming increasingly popular: using the network of the supplier or vendor, the attacker uses fake products and advertisements to send customers malicious code. Since the attacker sends the code using the vendor’s network, the product will appear genuine. The danger of these attacks is that they allow the attacker to access the customer data stored by the vendor.
5. Social Engineering:
People will remain one of the weakest links in the security chain, since attackers can trick them and steal their information. This is why social engineering is one of the most dangerous forms of cyberattacks facing banks, since it also targets customers as well as employees.
There are many forms of social engineering attacks, including phishing, bogus emails pretending to be from a trusted source and whaling attacks. Offering cybersecurity awareness classes for your employees is important so they’d be more cautious about what they receive.
Examples of cybersecurity attacks on banks
Cyberattacks on banks in the past years have been on the rise, especially with the increase in reliance on the internet and mobile banking. Here are examples of some of the recent cybersecurity attacks in the past years:
- Flagstar Bank in the United States was the target of a ransomware attack in 2020. The personal data of the bank’s customers was posted by the hackers online in order to force the bank to pay the ransom.
- A Distributed Denial of Service (DDoS) attack targeted one of the servers of the New Zealand Stock Exchange in 2020, leading the stock exchange to shut down until the attack was contained and handled.
- Robinhood, an online stock platform for trading, was targeted with an attack in 2021 leading to the revealing of the personal information of 7 million customers.
- Customers of Pichincha Bank, a bank in Ecuador, lost the ability to access their banking accounts online after the bank was the target of a cyberattack in 2021.
Statistics of Cybersecurity in the Banking Sector
Banks are one of the main elements of the Financial Sector in any country, and cyberattacks on this integral sector directly affect banks. Here are some of the most recent statistics in the financial sector with a focus on the banking sector:
1. Money is the motivation behind 71% of Cyberattacks:
Research by Verizon confirms that obtaining illegal finances remains the main objective behind the majority of cyberattacks. The research stated that groups of organized crime are responsible for about 39% of the overall data breaches. Another alarming finding of the research is that a whopping 56% of data breaches were discovered after months of the breach date. If this is an indication of something, it is that cyber criminals are becoming more experienced.
2. Eighty Percent of Data Breaches in the Financial Sector are the result of Investigations regarding Payment Cards:
SecurityMetrics released a report that clarifies how e-Commerce resulted in a spike in data breaches. The same study conducted six years apart shows that the majority of the breaches in recent years shifted from the online sellers’ side, to the consumer side. If this is an indication of anything, it is of the heavy dependence of consumers on online shopping in recent years.
3. The Banking Sector incurs the highest costs of data breaches, with a yearly estimate of $18.3 million per Company:
According to Accenture, the financial sector and the banking sector, in particular, have been spending record amounts of money in the past years to keep their cybersecurity systems up to date, and to protect the valuable holdings of their customers.
Another reason behind the high cost of successful cyberattacks on banks is the damage they cause to the bank’s reputation and the effect they have on customers’ trust in the bank. These two factors result in customers switching to other banks, which means less revenue for the bank.
4. Forty-seven percent of data breaches in the financial sector in 2017 targeted banks:
The most attacked financial institutions in the financial sector are banks. This high percentage of cyberattacks began to also include projects of cryptocurrency during the past three years. According to ERPScan, cyberattacks targeting cryptocurrency projects amounted to 21% in 2017, followed by loan companies in the third place with 11%.
5. Your data remain compromised for 127 days after being captured:
One might think that after your data has been stolen once, retrieved and security restored, that all is done. This is far from the truth, says SecurityMetrics, as after the first instance when the hacker stole your data, they can still be recording, gathering and storing it, for a period of time up to 127 days. This means that your data remains vulnerable for over six months after an attack has taken place.
On the other hand, if the cyberattack targeted an organization, its data will remain under the same threat for about 257 days. This costs organizations, especially financial ones, huge amounts of money, with a cloud of uncertainty looming over them.
6. Ninety-two percent of ATMs are prone to cyberattacks:
Positive Technologies issued a report they worked on that showed how ATMs remain an easy target for cyberattacks. The report explained how 85% of ATMs are vulnerable to many types of cyber and network attacks and their security system isn’t enough to stop the attacks.
The ATMs tested in the reported study showed the vulnerability against tampering with the access centre. Black box attacks could easily target 69% of ATMs and a staggering 76% of ATMs easily gave the hacker access to its operating system, after exiting the kiosk mode.
7. The devices of over 500 million users are infected with crypto-mining software:
According to a report by AdGuard about the statistics of data breaches, 200 websites with a total of 500 million users were the reason the devices of these users got infected with crypto-mining software, all within the record period of three weeks. The average amount of money these websites made during this period of time was $43,000.
The money these websites made was not the only problem arising from crypto-mining programs. These harmful programs caused further damage to the computers of the victims, which posed a new problem for the users.
8. A single data breach costs an average of $3.92 million:
In general, the cost of a successful data breach differs from one country to the other. However, the average cost of almost $4 million is still high, according to IBM. The United States had the highest cost of a single data breach, amounting up to $8.19 million.
9. Ninety-seven percent of stolen records are American:
Gemalto stated that the United States, the world’s most powerful economy, is the target of the majority of cyberattacks, with around 60% of cybersecurity breaches taking place in the States. Furthermore, stolen American records reached a staggering 96% of the total records stolen.
10. In 2017, 65% of America’s 100 top banks failed in tests pertaining to web security:
Statistics released by IBS Intelligence revealed that even some of the most popular banks in the United States don’t have the best cybersecurity systems to protect their websites. Of the banks tested only 27% of banks passed the testing to be classified as safe from breaches. The more surprising statistic is that this percentage represented a 28% drop compared to 2016.
11. In 2018, there was an increase by 60% in the financial impact that ransomware attacks had on economies:
A bittersweet report released by Internet Society about cyberattacks and data breaches revealed that although the number of both data breaches and stolen records had fallen in comparison to 2017, the financial impact of these breaches and stolen records was higher than in 2017.
The report further stated that the affected businesses saw a doubling of their losses during the same period of time, while incidents of cryptojacking tripled. High-level breaches saw a steady and constant increase throughout the same year.
12. Sixty-six percent of the businesses affected by data breaches are uncertain if they’ll be able to recover:
IBM revealed in a report how the number of cybercrimes is multiplying to mirror technological advances. The report sought the opinions of 2,400 security and IT professionals, of whom 75% stated there was no action plan in place in the event of a cyberattack. It’s no surprise that more than two-thirds of businesses affected by successful cyberattacks expressed doubt they’ll ever recover from such attacks.
13. In 2018, formjacking code was the main threat to an average of 4,818 websites:
Symantec further explained that stealing the information of just 10 credit cards from these eCommerce websites translates to about $2.2 million. This might explain why formjacking is becoming an increasingly popular means of conducting a cyberattack among criminals.
14. The century’s largest robbery of $1 billion was the work of the Carbanak Gang:
The Carbanak Gang used spear phishing emails to target 100 banks from 30 different countries around the world, to steal a staggering $1 billion, making this robbery the biggest in this century according to a report by Kaspersky. The gruesome malware attacks conducted by the gang lasted for more than two years, directly targeting the banks rather than the banks’ customers.
15. In the US, 8 out of 10 adult citizens fear businesses are unable to secure their financial information:
AICPA showed in a report that Americans are continuously losing faith in the financial institutions, where they believe these institutions don’t have the ability to keep their financial data safe. Hence, more than half the Americans had the expectation they’d fall victims to fraud that will hurt their finances.
16. Threat of cybersecurity breaches drove about 80% of adult Americans to change their behaviour:
The study conducted by AICPA stated that of the people surveyed, 56% of them revealed they monitor their accounts themselves against any fraudulent or suspicious behaviour. A percentage of 43% admitted to using cash and cheques instead of relying on credit cards, in an attempt to lower the risk of any cyberattack.
After many high-profile data breaches, people’s behaviour continued to change when it comes to how they spend their money as well. The study said that 40% of people shifted from shopping at national chain stores to local shops, also to decrease dependency on using credit cards.
In another attempt to lower the risk of falling victim to fraud, around 26% of people decided to reduce their presence on social media, and a fifth of the people surveyed said they sought the services of monitoring and fraud detection.
17. Emotet malware is responsible for 16% of the financial Trojans:
Emotet was discovered in 2014 and it was designed as a Trojan with the aim of stealing sensitive information by being embedded in spam emails. This new malware has the ability to escape software designed to detect malware, which increased Emotet’s share of financial Trojans by 2017 to 4%. After three years, the share of financial Trojans that Emotet was responsible for jumped up 4 times.
According to Symantec, Emotet can sometimes be used to spread Qakbot or Qbot, which is another malware used for stealing information that’s been around since 2007. More recently, the discovery of Qakbot in a system means that a huge ransomware attack is about to take place, where Qakbot is used as a means to install harmful software.
18. Financial institutions are 300 times more likely to be a target for cyberattacks:
Back in 2018, there was an alarming increase in cyberattacks on financial institutions, up to 67%. According to research about major data breaches conducted by Carbon Black, 26% of the financial institutions surveyed admitted to having suffered from destructive cyberattacks. This percentage represented a 160% increase in the attacks on these institutions, in comparison to the beginning of 2018.
One of the contributing factors to this increase in cyberattacks on financial institutions is the growing complexity of these cyberattacks, according to 79% of the security officers working at the corporations surveyed in the research.
The Covid-19 pandemic was regarded as a factor that will result in a spike in cyberattacks, leading the European Central Bank to issue guidelines urging financial institutions, and banks in particular, to double check their cyber security systems and brace themselves for a new wave of cyberattacks. This was also fueled by the increase in the number of people working from home during the pandemic, which might put the banking networks at risk.
19. According to the FBI, ransomware attacks accumulated $1 billion per year:
In a report released by the Department of Justice in the US, the department not only states that ransomware scammers were able to obtain $1 billion per year, but also around 100,000 computers are infected with ransomware every day, on a more global scale. The reason behind this staggering increase in the money stolen by these ransomware attacks, is that the attackers’ target changed from ordinary people, to large corporations and businesses.
Unfortunately, the bleak report also stated that these ransomware attacks were not going to slow down. By the end of 2021, it was estimated that every 11 seconds, a new business will fall victim to a ransomware attack.
20. By the end of 2018, the number of crypto-jacking URLs doubled:
Help Net Security stated that this unprecedented increase was mainly due to the rise in the popularity and value of Bitcoin. Cryptojacking can be defined as the type of cybercrime where the attacker secretly hacks and uses the victim’s computer to mine cryptocurrency.
The reason behind the popularity of cryptojacking is the small footprint it leaves, and the fact that victims don’t need to pay a ransom as they do in cases of ransomware. Despite this, in 2019’s second half, cryptojacking attacks fell by 78%.
21. Sixty percent of Americans said they or close family members were victims of data related fraud:
According to AICPA, the number of Americans facing cybersecurity attacks in the form of fraud or identity theft is increasing. A different form of communication that involved impersonating the IRS, represented 34% of reported attacks. These attacks were conducted using letters, emails and even calls.
The next two cybersecurity attacks were credit card number theft with 28%, followed by phishing scams and fraudulent emails with 26%.
22. By 2027, spending on training staff in the field of cybersecurity will amount to $10 billion:
By the end of 2020, it was estimated the number of people online reached a staggering 4 billion. Regular cybersecurity measures and protocols won’t be sufficient to keep businesses protected from the flood of cyberattacks. As pointed out by Cybersecurity Ventures, businesses need to pay more attention to the training of their staff in cybersecurity to lower the effect human error still has in unintentionally facilitating cybercrime.
23. In 2019, 1,473 cybersecurity attacks targeted the United States, where 164.6 million records were stolen:
Statista revealed that even though the total number of data breaches increased, the actual number of stolen records actually fell from 472 million in 2018 to 164.6 million in 2019. This decrease also indicated the seriousness with which the matter of cybersecurity crime and data breaches was handled in the US. Only 35.7 million records were annually stolen, about a decade ago.
24. Cybersecurity is the top concern for most community banks in the United States:
The Conference of State Bank Supervisors conducted a survey about the top concerns for community banks, where a total of 571 banks from 37 states were surveyed. The results of the survey showed that more than 70% of the participating banks said their top concern was cybersecurity.
25. The majority of financial institutions suffered from a recent cybersecurity breach:
Vanson Bourne is a technology research firm that conducted a survey involving 100 senior business professionals who were hired by financial organizations in the UK. This survey revealed that 70% of these financial organizations fell victim to a cybersecurity data breach in the past 12 months.
The main reason cited for this high percentage of attacks was the failure of the organizations’ employees to follow the defence protocols against cybersecurity attacks. Some of the other reasons included using third party devices such as USBs that already carried viruses and malware, which amounted to 32%, downloading files and images at 25% and accidentally sharing data with others at 24%.
26. Cybersecurity attacks involving data breaches will only continue to grow:
According to a report released by Accenture in 2019 titled “Cost of Cybercrime Study in Financial Services”, there was a 13% growth in the number of data breaches in 2018, amounting to 152 breaches, compared to the 134 of 2017.
There were some shocking facts included in that report such as:
- Malicious insiders topped the list as the most expensive attack to resolve: the report cited an increase of 44%, with an average cost of $243,101. The rest of the top five costly cyberattacks were malicious code with a cost of $157,891, phishing and social engineering averaged at $156,690, DoS or denial-of-service attacks cost $133,949 and finally, web-based attacks cost $84,954.
- Malicious insiders were the longest to resolve: an average of 55 days was the time it took the IT officials in the financial sector to resolve. Following these were malicious code with 49.8 days, ransomware took 33.8, web-based attacks took 25.9 days, while phishing and social engineering attacks took an average of 24.3 days.
- The financial sector loses an average of $18.5 million to cybercrime every year: the report stated that this average cost is per company, which is a huge cost. This makes cybercrime more costly in the financial sector than it is in other sectors, where the average of a cybercrime attack costs an average of $13 million.
27. Financial institutions allocate 0.3% of their revenue to cybersecurity:
The study by a consulting firm called Deloitte, which included employees from 96 financial firms, came to the conclusion that 0.3% of the revenue and 10% of the IT budget of these firms are allocated to cybersecurity. This means the average per employee is $2,300.
28. The banking sector is expected to invest in cybersecurity more than any other sector:
The research firm IDC forecasted that the banking industry is the one with the highest investment in cybersecurity, followed by the manufacturing sector and federal governments; together, they represent 30% of the global spending on cybersecurity. According to the IDC, by 2023 the total cost of this investment will amount to $151.2 billion. The research also concludes that these three sectors are likely to spend 35% of their budgets on managed security services and integration services.
29. Financial institutions are better at detecting data breaches than preventing them:
Ponemon Institute conducted a survey that included 400 cybersecurity officials from different institutions in the financial sector, which revealed that financial institutions are better at detecting cybersecurity attacks with 56% and containing these attacks with 53%, than preventing cybersecurity attacks with 31%.
Other findings of the survey included that the main concern for many in the financial industry is the risks to the supply chain; however, not many of these institutions allocate enough resources to handle those risks. Around 74% of the participants cited worries regarding the security status of third-party applications and software, while a mere 43% of the financial institutions enforce their cybersecurity requirements upon third parties.
30. Financial institutions, including banks, get thousands of cyberattack attempts every day:
In an interview with the New York Times, credit card company Mastercard shared with the newspaper the staggering number of cyberattack attempts they face in a day, which on some days exceeded 460,000. However, what Mastercard was facing wasn’t an isolated incident. Ovum conducted market research in 2017 that revealed that around 40% of banks receive 160,000 daily cybersecurity alerts, ranging from irrelevant alerts to errors and duplicate alerts.
It’s worth noting that more than 73% of financial institutions use a variety of tools to detect cybersecurity attack attempts, some of which use more than 24 tools to identify these attempted attacks.
31. CISO reports to whom?
A Chief Information Security Officer is responsible for the setting of a cybersecurity plan and making sure that the data is well-protected. When a breach in the institution is discovered, part of the cybersecurity action plan is to report to one of the officials in the institution.
Infosys stated that after a survey of 277 senior executives in the sector, 34% of CISOs report to the CIO (Chief Information Officer) while 32% of them report to the Board of Directors. These two were followed by 23% of CISOs reporting to the Information Security Council, while reporting to the Head of Audit, COO (Chief Operating Officer), Head of Risk and others got percentages of 5%, 3%, 3% and 1% respectively.
Trends of Cybersecurity in the Banking Sector
Just as traditional, physical security measures in the banking sector evolved to help protect the precious belongings stored inside, and criminals developed their tactics to undertake their attacks, the same applies to cybersecurity in the banking sector and the evolution of cyberattacks on such institutions.
A driving force behind the constant technological advances in the online banking sector is the increasing demand by millennials and Generation Z to be able to access all their banking information online. This dictates the constant adoption of new technological advances in this vital sector, so that the banks can keep up with the increasing demand.
Such a driving force will not only change the face of the banking sector, but that of the entire financial sector. From retail and mobile banking to neobank startups, this advance is only moving forward into the foreseeable future.
In this regard, here are the latest cybersecurity trends in the Banking Sector:
1. Retail Banking:
Retail banking refers to the multiple services offered to the customers by the banks, such as checking accounts, savings, credit cards, loans and debit cards. Thirty-nine percent of retail banking executives stated, to Insider Intelligence, that the biggest effect technology has on retail banking is effectively reducing costs, while only 24% of the executives said it’s improving the experience of customers.
One of the newest steps of retail banking, in order to keep up with the competitiveness of the market, is launching what’s known as Banking-as-a-Service space or BaaS. An example of this would be the launching of a BaaS by the British neobank Starling, after it used to only offer retail banking services directly to the consumer, also known as B2C. The launching of BaaS by Starling upped its revenues as well as products.
2. Mobile Banking:
In the past few years, almost no financial institution could keep up with the demands of its customers, without benefiting from the advancement that is mobile banking. Even though statistics show that older people don’t trust mobile and online banking as millennials and new generations do, the move to mobile banking has been of great financial benefit to all the banks which adopted it.
Insider Intelligence conducts an annual study about Mobile Banking Competitive Edge, where more than 45% of those included, stated that the existence of a mobile banking system is one of the top three factors they consider when settling on a certain bank. Around 80% of those surveyed admitted that the main way they check their bank account is through using their mobile banking application.
Due to the Covid-19 pandemic, reliance on online banking saw a huge increase, where more people turned to online and mobile banking, during times of lockdown. This is a time for banks to reevaluate their stand in the market, and to focus on identifying the mobile banking services most valued by their customers.
This increase in the use of mobile banking brought with it the consumer’s fear of data breaches, meaning that banks ought to increase the methods of protecting the consumer’s data. Some of these methods might include giving consumers the ability to place a credit or debit card on hold, schedule travel alerts, and file and review disputes of card transactions.
3. Online Banking:
Despite the revolution that online banking represented in the banking sector, mobile banking is taking over this role. The rate of growth of online banking, according to Insider Intelligence is five times less than that of mobile banking, not to mention that half of the users of online banking are also users of mobile banking.
The failure of some banks to pay more attention to constantly updating the list of services they offer through mobile banking, pushes their customers to continue to use online banking instead, such as paying bills for example. This might be a faint attempt at promoting online banking, but it’s not as effective a tool as the increase of usage of mobile banking by millennials and Generation Z.
4. Digital-only Banks:
Otherwise known as neobanks, these are expected to be the future of the banking system. The basis for these new types of banks found a solid ground in the Covid-19 pandemic, which helped break some of the many restrictions imposed in the US against the adoption of these banks.
To customers, especially the new generations, neobanks are the new level of banking, which all the financial sector and technology firms need to understand how to benefit from and how it can improve the user experience to help their businesses keep aloft.
The largest neobank in the US, Chime, was able to attract more than 7.4 million customers until 2019, and the number is only expected to grow to reach 19.8 million by 2024. These digital-only banks will eventually replace the traditional banking institutions.
5. Trends of Banking Technology:
The new generations see technology as a means of making their lives easier, and technological advancement in the banking sector is no different. One of the most recent trends in banking technology is making financial information easily accessible online to anyone who has the access information to the account. This is done through what’s known as an API, or Application Programming Interface.
Fintechs had a successful trial using APIs, where they used the application to improve their business. This trial is encouraging many other banks to follow suit. An important feature of APIs is you can use them through the bank’s mobile application to pull down the information of a customer’s account.
Another survey by Insider Intelligence conducted in 2020, revealed that 66% of banking executives believe a number of new technologies will have a great impact on the banking sector by 2025, such as the Internet of Things (IoT), and Artificial Intelligence (AI) and blockchain. Technologies such as blockchain are expected to reduce costs for banks and facilitate processes.
On the other side, banks are incorporating more AI in their services. An example can be the chatbots you will find at the front office. Banks are also using AI, in the form of voice assistants and chatbots, in customer related services such as identification and authentication.
How can you know your bank is safe?
Banks are rated safe when there’s a complete cybersecurity system in place that protects the data and money of consumers. Even though it’s not a requirement that banks share all the security measures they undertake in order to keep their data safe, transparency and honesty with the public are key to having a good reputation, which, in the financial sector, is what keeps institutions alive.
Here are some factors to take into consideration when determining which bank offers more security measures than other banks, hence choosing them as your banking institution:
- Two-factor Authentication.
- Service Branches: If you would like to go to one of the bank’s branches, you might want to consider a bank with a branch near you.
- Guaranteeing your money if someone is able to hack into your account and steal it.
- Interest Rates: you might want to check which banks have great interest rates on the in-credit balances, or best overdrafts.
- If your debit card is stolen, the bank gives you the ability to disable the card.
- Incentives: some banks offer some additional services or packages on accounts, in exchange for a small fee each month. Such incentives could be travel insurance, gadget insurance and breakdown cover.
- Card numbers for a single use, which is a single-use temporary card that you can use online, keeping the number of your actual credit card out of harm’s way.
- Customer Service: it’s no doubt one of the easiest ways to find more about a certain bank, is by checking the reviews customers wrote about it.
- Cash Reimbursement on the next day: in the event of a dispute that resulted from a data breach in which the customer’s money was gone, the bank reimburses the customer’s money the following day, so that they don’t have to wait for months before getting their money.
- Other Financial Products: these include credit cards, mortgage deals and savings to their current account holders.
- EMV Chip-cards: These cards are not as easy to clone as regular credit cards. EMV chip cards encrypt the account information with each transaction that takes place.
- Switching Incentives: occasionally, some banks offer a monetary incentive to persuade you to change from your old account to a new one. At times, some banks offer a switching reward of £100.
- Liability: This differs depending on whether the card used is a credit card or a debit card. There are several ways to report fraudulent credit card transactions, by phone or through online customer service. For a debit card, if the owner reports the theft before any charges are incurred on the card, they will not be considered liable for the charges. If the owner waits for two business days after receiving their monthly statement before reporting to the bank, they will be liable for $50. Between these two days and up to 60 days, the owner might incur up to $500, and after 60 days, the owner will be liable for all the charges found on the card.
Best banks in the US
As we’ve seen, hackers are constantly improving the tools they use to conduct cyberattacks. Hence, using the security points listed above for determining which bank is safe, Lifehacker helped compile a list of some of the safest banks in the US. They are as follows:
- Ally Bank.
- Bank of America.
- Capital One.
- Charles Schwab.
- HSBC Bank.
- Wells Fargo.
All these banks offer their customers cash guarantees against any unauthorised access. Chase Bank offers next day reimbursement, as well as Bank of America, in addition to single-use cards, a service that is also offered by Citibank.
Best banks in the UK
A survey conducted by Finder.com of banks in the UK, asked participants to rate the level of their satisfaction with their banks, as well as whether they would recommend this bank to other people. Using this data, the website made a list of the best banks in the UK, according to customer satisfaction, and it’s no doubt a factor in this satisfaction is the safety of these banking institutions.
Here are the top banks in the UK according to customer satisfaction and the percentage of how many of those customers would recommend the bank to others:
- Halifax, 88% of customers would recommend it.
- Starling Bank, 87% of customers would recommend it.
- NatWest, 86%.
- Lloyds Bank, 84%.
- Monzo, 84%.
- Nationwide Building Society, 83%.
- Santander, 83%.
- Monese, 83%.
- Barclays, 81%.
- Revolut, 79%.
- First Direct, 78%.
- Royal Bank of Scotland, 78%.
- HSBC, 78%.
- TSB, 72%.
- Virgin Money, 72%.
- Bank of Scotland, 74%.
- Metro Bank, 68%.
What are the biggest banks in the UK?
There are four banks considered to be the biggest in the UK. They are divided between multinational banking groups and companies of financial services:
- Barclays: with banking operations in over 50 countries around the world and 48 million customers, Barclays is a multinational company of banking and financial services, located in London. The bank’s operations include wealth management, retail, credit cards, mortgage lending, investment banking and wholesale.
- HSBC: this banking and financial services company is based in London as well, and it ranks at the sixth place in the world’s list of largest banks by the total of their assets, as well as being the largest in the UK and Europe.
- Lloyds Banking Group: beginning back in Birmingham in 1765, Lloyds Banking Group is over 250 years old. The group now includes, in addition to Lloyds Bank, Halifax, Bank of Scotland and several financial brands like Scottish Widows.
- NatWest Group: including NatWest, Ulster Bank and the Royal Bank of Scotland, this group used to be known as the Royal Bank of Scotland Group. The current group has many branches around the UK.
How can the Banking Sector improve its cybersecurity?
It’s as clear as the sun that technological advancement and cybersecurity threats in the banking sector are evolving hand in hand. Banks make use of new technologies to further enhance the protection of their data and customers; at the same time, attackers are also developing their attack methods and tools.
Constant development of cybersecurity in the banking sector has great benefits to the customer by protecting their identity, information and of course money. For the bank, it’s more than just the revenues from the influx of customers, it’s also about the bank’s reputation.
Here are some of the steps banks can take in order to improve their cybersecurity:
1. Layered Approach:
Banks must put in place and follow what’s known as a layered approach to their cyber and network security. On the data side, the data must be protected using a proactive framework that secures it in the event of an attack.
2. Data Encryption:
Encrypted data is safe wherever it is, whether at the source, in transit or even at its final place. This encryption allows financial institutions, and banks, to remain the controller of the data anywhere. Even when the system fails, the encrypted data will remain safe, even when it is stored in the cloud.
3. Filling the Gap:
There’s a huge gap between the number of jobs in the cybersecurity field and the number of those properly trained in the field. The organisations offering cybersecurity services need to attract more people to train and excel in cybersecurity. You also need to make sure the IT team in your business is up to date with all the new and advancing cybersecurity attacks.
4. Limited Access to Data:
Where there’s a human element, you can expect something to go wrong and data to be endangered. This is one of the main reasons to limit access to confidential data: the fact that data is safely stored doesn’t mean that access can be granted to anyone. This is why access to confidential and sensitive information must be limited only to those who need to access it.
5. Appropriate Budget:
Handling cybersecurity threats is very costly and many financial institutions don’t have enough funds to keep dealing with these attacks. In this regard, institutions need to make sure to have the latest attack detection and response tools, in order to help detect and prevent possible future attacks, hence reducing additional costs.
6. Multi-Factor Authentication:
Multi-factor authentication comes in several forms, and this step adds more security to the banking process, even if the system gets hacked. One form of MFA is when the banking website or mobile application sends a text message to the customer’s phone with an OTP (one-time password), which can be used only once to access the account.
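The single-use property of the OTP described in step 6, as an added example (not from the original article or from any bank’s code): a minimal server-side check in Python. The class name, the 120-second lifetime and the three-attempt limit are assumptions chosen for illustration, and SMS delivery is left out.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for this illustration; the article does not specify any.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


@dataclass
class PendingOtp:
    salt: bytes
    digest: bytes        # keyed hash of the code, so the plaintext never sits in the store
    expires_at: float
    attempts_left: int


class OtpService:
    """Issues and verifies single-use one-time passwords for a login session."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested without sleeping
        self._pending = {}       # session_id -> PendingOtp (in-memory for the example)

    @staticmethod
    def _digest(salt: bytes, session_id: str, code: str) -> bytes:
        # Binding the digest to the session stops a code issued for one
        # session from being accepted for another.
        message = f"{session_id}:{code}".encode()
        return hmac.new(salt, message, hashlib.sha256).digest()

    def issue(self, session_id: str) -> str:
        """Create a fresh code; any earlier code for this session is replaced."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[session_id] = PendingOtp(
            salt=salt,
            digest=self._digest(salt, session_id, code),
            expires_at=self._clock() + OTP_TTL_SECONDS,
            attempts_left=MAX_ATTEMPTS,
        )
        return code  # handed to the SMS gateway, never written to logs

    def verify(self, session_id: str, submitted: str) -> str:
        entry = self._pending.get(session_id)
        if entry is None:
            return "no_pending_code"
        if self._clock() >= entry.expires_at:
            del self._pending[session_id]
            return "expired"
        candidate = self._digest(entry.salt, session_id, submitted)
        if hmac.compare_digest(candidate, entry.digest):  # constant-time comparison
            del self._pending[session_id]                 # single use: consumed on success
            return "ok"
        entry.attempts_left -= 1
        if entry.attempts_left == 0:
            del self._pending[session_id]                 # guessing budget exhausted
            return "locked"
        return "wrong_code"


def demo() -> dict:
    """Walk through success, replay, expiry and lockout with a constructed clock."""
    now = [1_000.0]
    svc = OtpService(clock=lambda: now[0])

    code = svc.issue("session-a")
    first, replay = svc.verify("session-a", code), svc.verify("session-a", code)

    stale = svc.issue("session-b")
    now[0] += OTP_TTL_SECONDS
    expired = svc.verify("session-b", stale)

    real = svc.issue("session-c")
    wrong = f"{(int(real) + 1) % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"
    guesses = [svc.verify("session-c", wrong) for _ in range(MAX_ATTEMPTS)]
    after_lock = svc.verify("session-c", real)

    return {"first": first, "replay": replay, "expired": expired,
            "guesses": guesses, "after_lock": after_lock}


if __name__ == "__main__":
    print(demo())
```

A replayed code is rejected because the entry is deleted on first success, and the attempt limit matters because a six-digit code has only one million possible values.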
7. Appropriate Training and Awareness:
It’s no secret that only a small percentage of employees actually know what to do in the event they detect or become the victim of a cyberattack. This must change: institutions need to provide proper training and awareness programs for their employees to make sure they are up to date with the action plan to follow in the event of an attack.
8. Security Assessment:
Financial institutions and banks must seek the opinion and security assessment of security advisors. These assessments help in identifying the weak points in the cybersecurity network of the institution and assist in setting the best protection and defensive strategies.
9. Weak Credentials:
Financial institutions, especially banks, need to stress to their customers that they must use strong passwords and credentials when setting up their accounts. It’s easier for attackers to hack into banks by stealing the credentials of a customer. This is in addition to providing customers with awareness programs about cybersecurity and how to not make themselves an easy prey for cybercriminals.
10. Hardware Security Modules:
Also known as HSMs, these modules are external physical hardware devices in which electronic information is stored, almost like a safe. HSMs are the place where security keys are stored, managed and processed, all in a secure device.
11. Internal Bank Communications:
When it comes to detecting a cybersecurity attack, communication is important. Banks can put in place a communications plan in which employees are constantly reminded of their role in data protection, the concerned teams are swiftly alerted when a cyberattack is detected, and employees are given simple steps to follow when discovering a cybersecurity attack.
12. Best Practices:
We come back to one of the most important assets of any institution, its employees. Each financial institution and bank needs to spend the proper funds and time on educating its employees about cybersecurity attacks, risks and the institution’s plan of action in the event of detecting, handling or preventing a cybersecurity attack. This will also lower the risk of human error as a cause of cybersecurity attacks, which is one of the top reasons many institutions get attacked.
Cyberattacks in the banking sector will only continue to increase in the years to come, and both technology companies and banks will need to keep on working hand in hand to keep up with this increase.