Previously, bank heists involved snatching the cash and running. Now, they’re digital, more elaborate, and more dangerous.
Over the past five years, data breaches in the financial sector have tripled, and the typical cost of a breach has surpassed that of any other sector, at just over $18 million.
“A cyberattack at a systematically important bank, mortgage bank, or central infrastructure company that seriously affects the availability of systems or the integrity of data may rapidly impact the entire financial system…” states one bank, in reference to that country’s banking system.
A survey suggests that banking Trojans are the largest cyber menace, closely followed by mobile malware. Yet, an arguably larger menace comes from “ripple events,” where one institution’s data losses impact organizations downstream. Rather than destroying one organization, the attack insidiously knocks down multiple organizations, like dominoes.
In May of 2019, for example, the American Medical Collection Agency (AMCA) breach not only compromised the data of 24 million people but also impacted 23 healthcare organizations, three professional services firms, two business sports entities, and others. Financial institutions that rely on debt collection agencies, or other third parties, are vulnerable to the same type of risk.
For the CISO of a financial institution, arming yourself with knowledge is the first line of defense. Quantify your risk, allocate resources to prevention, invest in security, and develop breach guidelines. Continuously validate that your business requirements are actually implemented correctly across infrastructures. But these are preliminary steps in your quest to strengthen your cyber security.
Other digital resilience strategies for the financial sector are available from Deloitte.