Increasing Cyber Attacks on Financial Businesses – What’s Next?

Cybersecurity attacks are on the rise and threaten the global financial sector, despite rising knowledge in the banking industry. These include preparations from the Bank of England (BoE) and regulators to stress test the UK banking system itself.

So how bad is this, and who’s behind the attacks?

What’s happening?

Severe cybercrimes are soaring and with 63% of financial organisations acknowledging a cyber attack in the 12 months to December 2022, each having the potential to create mass disruption within the financial sector, the industry is taking this threat extremely seriously. The European Central Bank, Governments, and their Security Services monitor these attacks, particularly those that seem state-sponsored or from other threat actors such as organised crime or activist groups.

A global threat

Some watch groups attribute the rise in cyber attacks to Russia’s current invasion of Ukraine. Recently, Ukraine’s Defence Ministry and several Ukrainian-owned banking organisations were all taken offline in a significant cyber attack. But around the same time, both the Moscow Stock Exchange and Sberbank, Russia’s biggest bank, were hit by DDoS attacks that were said to have come from a group of hackers in support of Ukraine. Both Ukraine and Russia said the strikes were done by the other country.

However, there is a global rise in state-supported cyber attacks. Last year the group calling itself ‘Lazarus,’ otherwise known as APT38, believed to be a nation-state threat of North Korea, carried out spear phishing attacks using weaponised Microsoft Office documents targeting decentralised finance applications in banks in Poland, Mexico, Vietnam and Ecuador.

Hacker motivation

Groups of hackers acting in a collective interest are not always state-sponsored. A group called DarkSide, with members, believed to be in Russia, Eastern Europe as well as Iran, Syria, China, and North Korea, appears to target larger ‘for-profit’ businesses and claim they donate some cyber attack profits to charity through a ‘Ransomware-as-a-Service’ (RAAS) model.

Cyber attacks by the most notorious hacking groups, such as Lazarus, Cobalt and FIN7, are now impacting financial institutions by directly affecting customers and the integrity of banking operations. Over $81m was stolen from Bangladesh’s central bank in a cyber attack, and in March 2023, the Australian bank Latitude Financial had 14 million sensitive customer records stolen.

Similarly, in South Africa, the data of 3 million customers was taken from its TransUnion credit bureau in a cyber attack. In the UK, Qubit Finance lost £65m of cryptocurrency and a ransomware attack hit the Pension Protection Fund threatening its assets of £39bn+. A recent outage at ION Cleared Derivatives was so significant that the London and Dublin based company was forced to revert to a manual trading system, causing massive financial impact due to delays in settling trades. The knock-on effect of this attack on a critical futures trading partner within the derivatives market not only affected businesses in the supply chain, including Macquarie, UBS, and Royal Bank of Scotland but caught the eye of the regulator as it also severely impacted the Commodity Futures Trading Commission in the US derivatives market.

The wider socio-economic impact

Cyberattacks resulting in the theft of cash, cryptocurrency, or customer data are destructive enough, but reputational damage is potentially worse. When customers hear about a potential cyber attack on their lifetime savings, the bank suffers a potentially permanent loss of trust which can wreak havoc on the banking system.

With an average direct loss of £4.8m for every cyber attack suffered by financial organisations, as reported by IBM in a 2022 report, and in response to this increasing threat, the finance community is extending its regulatory stress testing policy to simulate and mitigate against cyber attacks. The highest perceived attacks on these businesses are through advanced persistent malware, ransomware, across the supply chain or denial of service.

Does size matter?

Large financial organisations benefit from regulatory protection and insight into the risk of a cyber attack. A recent UK government cybersecurity survey counted 39% of UK businesses as having experienced a cyber attack. Smaller and medium enterprises must be sufficiently protected against such losses and have adequate cyber IT expertise, resources and security.

Many of these large businesses in the financial sector use Managed Service Providers such as Amazon and Microsoft to provide cloud computing and reduce their level of exposure to a cyber attack. Using a specialist IT support business with a larger pool of skilled resources and knowledge is beneficial for the smaller business, for whom the loss of sensitive customer data or interruptions to daily business operations due to a cyber attack would have significant implications. One strategy used by Managed Service Providers is a ‘zero-trust’ approach. This assumes that any person or device with access to a system may have been compromised, requiring multi-factor authentication to validate every user and consider system access to be ‘privileged’ only via permitted devices.

Intelligent security choices

Partnering with a specialist IT provider is proven to offer many efficiency and cost benefits for smaller businesses, and those handling sensitive or financial data must ensure that they select a partner skilled in the latest cyber support techniques.

With the European Central Bank keen to ensure that large banks conduct cyber stress tests that adequately prepare them for any foreseeable attacks, smaller and medium size businesses in the finance sector will need to take steps to protect themselves.

Talk to Thrive, we are a trusted cyber security specialist and an accredited Managed Service Provider and can offer your business the Next Generation of Managed Services.

Contact Thrive today to learn how we can help your business stay secure in today’s digital age.