Carbon Black – the specialist in cloud-delivered next generation endpoint security – and Optiv Security (the security solutions integrator) have issued a threat report on the financial sector. Entitled ‘Modern Bank Heists: The Bank Robbery Shifts to Cyber Space’, the report finds that 67% of financial organisations surveyed have highlighted an increase in cyber attacks over the past 12 months, while destructive attacks have increased by a figure of 160% over the past year.
“Financial institutions are grappling with some of the most sophisticated cyber crime syndicates,” said Tom Kellermann, the report’s author and chief cyber security officer at Carbon Black. “Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain. Rather, these attacks are launched to be punitive by destroying data. Cyber criminals have formed sophisticated approaches to gain access to confidential banking and financial information. Organisations need to be aware of the impending threats.”
For the report, Carbon Black collaborated with Optiv Security to survey financial industry customers and uncover cyber attack trends seen by some of the world’s leading CISOs in order to better determine how today’s sophisticated cyber criminals are hiding behind invisibility cloaks to remain undetected.
Among the key findings from the report are the following:
*67% of surveyed financial organisations have reported an increase in cyber attacks over the past 12 months
*79% said cyber criminals have become more sophisticated
*26% were targeted by destructive attacks, which represents a 160% increase over the previous 12 months
*32% of surveyed financial institutions encountered island hopping through supply chain vendors and partners
*21% experienced a watering hole attack, whereby sites are hijacked and visitors are misled to malicious pages
“As threat actors continue to grow in sophistication and determination, it’s imperative now more than ever for security leaders to evaluate their digital footprint from the perspective of the enemy,” asserted Bill Young, vice-president for threat management at Optiv Security. “By using an inside-out approach to cyber security – starting with risk mitigation and building out from there with strategy, infrastructure rationalisation, operations optimisation and ongoing measurement – we believe financial institutions can close their vulnerability gaps and respond to new threats in systematic ways. The time and cost involved in adopting a comprehensive inside-out cyber security approach to gain an understanding of threat actor intent, and employing offensive security policies to close security gaps, is a small price to pay.”
The report, available for download on Carbon Black’s website, takes a look at some of the key attack types financial institutions are encountering, including Emotet, steganography and Hidden Cobra.