Trustwave: Unveiling Cyber Threats in the Financial Sector

Share
The cost of a data breach in the finance sector is second only to healthcare
Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

Financial institutions are in the eye of cyberstorm and the Trustwave SpiderLabs 2024 Risk Radar Report for the Financial Services Sector has given shape to the threats they’re facing. 

This analysis, coupled with recent industry insights, reveals a sector grappling with sophisticated cyber threats amidst a backdrop of regulatory pressures and technological advancements.

The unique cyber threat landscape

It’s not new to think that financial services organisations are prime targets for cybercriminals. Yet, less known is the average cost of a data breach in the financial services sector. The report revealed it stands at a staggering US$6.08m. 

This is second only to the healthcare industry, and reflects the price of cyberattacks hitting a heavily regulated industry, where sensitive consumer information and represent almost a big a financial loss as any theft of monies.

The introduction of stringent regulations like the European Union's Digital Operational Resilience Act (DORA) mandates robust cybersecurity measures and continuous resilience testing. This regulatory landscape extends globally, with jurisdictions like the US and Australia imposing their own rigorous cybersecurity requirements.

Youtube Placeholder

Equally, as digital currencies gain legitimacy and integrate into traditional banking systems, new cybersecurity challenges emerge. Financial institutions are now faced with developing robust protection mechanisms for digital assets and educating consumers on best practices for managing their cryptocurrency holdings, like cold storage or crypto wallets.

With the field of play set, the report highlights several prominent trends currently being used for attackers to reach their aims. 

Insider threats: The Trustwave SpiderLabs team found that 48% of risky findings were related to remote access software and protocol tunnelling. 

Phishing-as-a-Service (PaaS): This emerging threat offers sophisticated phishing tools through underground forums and Telegram marketplaces, with attackers increasingly use HTML and PDF attachments to obfuscate phishing URLs.

Ransomware: Financial institutions remain prime targets for ransomware attacks, with the report identifying LockBit and AlphV's as the predominant groups, with AlphV's share of attacks increasing from 10% to 24% in the past year.

Imperative for action

The gravity of this study is echoed by wider financial companies’ sentiments surrounding the threat of cyber to their industry. A 2024 study from law firm Mayer Brown revealed that nearly eight in 10 leaders of financial services firms are unable to plan for the future due to concerns about their organisation's ability to withstand cyberattacks.

Yet with the EU’s DORA coming into effect in 2025, which mandates robust cybersecurity measures and continuous resilience testing of financial entities, and organisations increasingly adopting new technologies like cryptocurrencies, there is increasingly little time to halt transforming their operations. 

The path forward

While the challenges are significant, there is hope on the horizon. The Trustwave report recommends several mitigation strategies, including:

Financial threats mitigation tactics
  • Implementing advanced email filters with machine learning to detect anomalies
  • Conducting regular security audits and phishing simulations
  • Engaging in industry collaborations to stay updated on emerging phishing trends
  • Implementing hardware-based authentication to prevent MFA bypass attacks

As cybersecurity now presents a clear link to a company's growth, and regulatory legislation stares them in the face, financial firms must adapt or feel the pressure of both attackers and regulatory auditors. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

The FinTech Year in Stories: March

We look at the articles that made the news in fintech in 2024. Today, it is March…

The FinTech Year in Stories: February

We look at the articles that made the news in fintech in 2024. Today, it is February…

The FinTech Year in Stories: January

We look at the articles that made the news in fintech in 2024. Today, it is January…

FinTech Predictions for 2025 - Pt. 2

Financial Services (FinServ)

Fintech Predictions for 2025 – Pt.1

Digital Payments

2 Months To Go Until FinTech LIVE Singapore

Digital Payments