IBM: Finance and Insurance is Second-Most Attacked Industry
Organisations operating in the financial arena are all too familiar with the threat of cyber attacks.
However, a new report from IBM has laid bare the challenges facing these institutions as bad actors take advantage of emerging technologies and use increasingly sophisticated methods to carry out their damaging deeds.
It finds finance and insurance was the second-most attacked industry in 2023, representing 18.2% of global incidents. In the Middle East and Africa (38% of incidents), as well as Latin America, the industry was targeted more than any other.
Accounting for 16% of regional cyber cases, finance and insurance in Europe was the third-most attacked sector behind manufacturing (28%) and professional, business and consumer services (25%).
Research was carried out by IBM X-Force, IBM Consulting’s offensive and defensive security services arm.
A global identity crisis
The annual Threat Intelligence Index produced by IBM X-Force is based on insights and observations from monitoring more than 150 billion security events per day across more than 130 countries.
In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services. Figures provided by Red Hat Insights and Intezer also contributed to the 2024 report.
This year’s index highlights an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.
Across the board, bad actors saw more opportunities to “log in” as opposed to hacking into corporate networks through valid accounts – making this tactic a preferred weapon of choice.
“While security fundamentals don’t turn as many heads as AI-engineered attacks’, it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown,” explains Charles Henderson, Global Managing Partner at IBM Consulting and Head of IBM X-Force.
“Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimise the tactic.”
Slight decline in attacks on finance and insurance
Despite finance and insurance taking up a significant share of cyber attacks in 2023, the global proportion was actually down compared to 2022 (18.9%), having been even higher in 2021 (22.4%) and 2020 (23%).
Malware was the most common action on objective observed, accounting for 38% of incidents, with ransomware the most common type. Server access (25%) was the second-most observed action on objective, followed by use of legitimate tools for malicious purposes (19%).
Meanwhile, extortion was the top impact observed on finance and insurance organisations in
2023, accounting for 35%, followed by botnet (28%) and credential harvesting (19%).
IBM X-Force discovered phishing was the most common initial infection vector at 28%, followed closely by the use of valid accounts and abuse of external remote services at (both 27%).
Read the full report: IBM X-Force Threat Intelligence Index 2024
******
Check out the latest edition of FinTech Magazine and sign up to our global conference series – FinTech LIVE 2024.
******
FinTech Magazine is a BizClik brand.
- Money20/20: Oracle & NVIDIA Partners Drive Fintech SurgeFinancial Services (FinServ)
- FinTech LIVE: Interview with Michelle He, AboundFinancial Services (FinServ)
- Taulia: AI Transforming Global Financial Decision-MakingFinancial Services (FinServ)
- FinTech LIVE: Interview with Jason Maude, Starling BankBanking