Carbon Black and Optiv pinpoint 160% upturn in destructive cyber attacks on financial sector

Carbon Black – the specialist in cloud-delivered next generation endpoint security – and Optiv Security (the security solutions integrator) have issued a threat report on the financial sector. Entitled ‘Modern Bank Heists: The Bank Robbery Shifts to Cyber Space’, the report finds that 67% of financial organisations surveyed have highlighted an increase in cyber attacks over the past 12 months, while destructive attacks have increased by a figure of 160% over the past year.

“Financial institutions are grappling with some of the most sophisticated cyber crime syndicates,” said Tom Kellermann, the report’s author and chief cyber security officer at Carbon Black. “Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain. Rather, these attacks are launched to be punitive by destroying data. Cyber criminals have formed sophisticated approaches to gain access to confidential banking and financial information. Organisations need to be aware of the impending threats.”

For the report, Carbon Black collaborated with Optiv Security to survey financial industry customers and uncover cyber attack trends seen by some of the world’s leading CISOs in order to better determine how today’s sophisticated cyber criminals are hiding behind invisibility cloaks to remain undetected.

Among the key findings from the report are the following:

*67% of surveyed financial organisations have reported an increase in cyber attacks over the past 12 months

*79% said cyber criminals have become more sophisticated

*26% were targeted by destructive attacks, which represents a 160% increase over the previous 12 months

*32% of surveyed financial institutions encountered island hopping through supply chain vendors and partners

*21% experienced a watering hole attack, whereby sites are hijacked and visitors are misled to malicious pages

“As threat actors continue to grow in sophistication and determination, it’s imperative now more than ever for security leaders to evaluate their digital footprint from the perspective of the enemy,” asserted Bill Young, vice-president for threat management at Optiv Security. “By using an inside-out approach to cyber security – starting with risk mitigation and building out from there with strategy, infrastructure rationalisation, operations optimisation and ongoing measurement – we believe financial institutions can close their vulnerability gaps and respond to new threats in systematic ways. The time and cost involved in adopting a comprehensive inside-out cyber security approach to gain an understanding of threat actor intent, and employing offensive security policies to close security gaps, is a small price to pay.”

The report, available for download on Carbon Black’s website, takes a look at some of the key attack types financial institutions are encountering, including Emotet, steganography and Hidden Cobra.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts