Phishing: One of the Most Common Security Threats in Banking
The integration of technology into financial services has revolutionised the industry when it comes to efficiency, accessibility and user experience.
However, such integrations do not come without challenges. Digital transformation has introduced complex cybersecurity threat landscapes across industries, including financial services.
Fintech companies must therefore implement effective security measures to navigate and protect sensitive financial data and maintain customer trust.
The threat landscape in fintech
The digital nature of fintechs makes them an attractive target for cybercriminals seeking financial gain or attempting to disrupt the financial system.
Consequently, robust cybersecurity measures are essential to safeguard against unauthorised access, data breaches and other malicious activities.
According to a recent report released by Netskope Threat Labs, phishing is one of the most common cybersecurity threats in the banking industry. Financial fraud was the main reason for adversaries attacking the sector.
In the report, the company focused on three types of threats – social engineering, malicious content delivery and Gen AI data security – as well as the top adversary groups.
Social engineering threats
When it comes to social engineering tactics, phishing is the most common attack used to steal bank account details and login credentials.
- Three out of every 1,000 individuals working in banking click on a phishing link each month.
- With 362,000 banking employees in the UK (2023), this results in over 1,000 banking staff clicking on phishing links each month.
- While targeting cloud apps is common in other sectors, adversaries targeting banks instead create tailored phishing pages designed to mimic the target banking institutions’ websites to commit financial fraud.
“Adversaries targeting the banking industry are primarily criminals focused on financial fraud, using social engineering and infostealers to try to obtain bank account details and banking portal login credentials,” says Ray Canzanese, Director of Threat Labs at Netskope. “We still see adversaries aiming to sabotage operations, steal sensitive data and deploy ransomware, but in much smaller numbers than the financial fraudsters.”
Malicious content delivery
When it comes to malicious content delivery, Netskope's report found that Russian criminal groups are the most likely to target the banking industry – particularly the TA577 and Indrik Spider groups.
Top five malware families recently used:
- Downloader.SLoad (a.k.a. Starslord)
- Infostealer.AgentTesla
- Trojan.FakeUpdater
- Trojan.Parrottds
- Trojan.Valyria
Gen AI data security
The banking industry is currently experiencing a lower adoption of Gen AI (87%) compared to other industries (97%) due to stricter control measures to reduce the risk of data leakage.
- Banks block employees from using Gen AI more than other industries do: 93% of banks block at least one Gen AI app, compared with 77% in other industries.
- Apps most likely to be blocked include Quillbot, WriteSonic and MotionAI.
- Data Loss Prevention (DLP) is the most popular form of Gen AI control, with more than 50% of all organisations in the sector using it to restrict sensitive information from flowing into Gen AI apps.
“The banking industry stands out as being one of the best at controlling the data risks associated with Gen AI apps. They are more aggressive at blocking apps without a legitimate business purpose and using DLP to control what can be sent to allowed apps,” says Ray.
“The result has been a more strategic and measured adoption of Gen AI technology, which results in more secure data. Organisations in other industries can look towards the banking industry as an example of how to successfully control Gen AI.”
Security recommendations for the banking sector
Netskope Threat Labs recommends that the banking sector review its security posture to ensure it is adequately protected against the above threats, and provides six recommendations for the industry:
- Inspect all HTTP and HTTPS downloads, including all web and cloud traffic.
- Ensure that high-risk file types like executables and archives are thoroughly inspected using a combination of static and dynamic analysis before being downloaded.
- Configure policies to block downloads from apps and instances that are not used in your organisation to reduce your risk surface to only those apps and instances that are necessary for the business.
- Configure policies to block uploads to apps and instances that are not used in your organisation to reduce the risk of accidental or deliberate data exposure.
- Use an Intrusion Prevention System (IPS) that can identify and block malicious traffic patterns.
- Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk.
FinTech Magazine is a BizClik brand