Cybercriminals are targeting the financial sector more than ever

The financial sector has apparently become a core target for cybercriminals in 2023, with firms in the EMEA (Europe, the Middle East and Africa) region hit particularly hard.

A new report from CDN provider Akamai Technologies uncovered a massive 119% increase in cyberattacks. On the finance sector when comparing the second quarters of 2022 and 2023.

This makes it the third most attacked vector across EMEA. With roughly a billion attacks on web apps and APIs related to the industry. Insurance is the most affected sub-vertical, accounting for over half of all web attacks, which marks a 68% increase year-on-year.

DDoS rise

Akamai observes that Insurance firms are a prime target since they often hold masses of personally identifiable information (PII) related to their customers. Which allows threat actors to conduct identity theft.

EMEA also experienced the most DDoS attacks by a wide margin, accounting for 63.5% of such attacks worldwide. This is nearly double the amount suffered by North America (32.6%), which came in second.

The UK was the most hit country in EMEA, with 29.2% of DDoS attacks, beating Germany which had 15.1%. Again, when comparing the second quarters of last year and this year, DDoS attacks on financial services have risen by 40% in EMEA.

The war in Ukraine has its part to play in these attacks

Akamai believes that the war in Ukraine has its part to play in these attacks, as attackers politically aligned with Russia will attack European banks. If they are deemed to be supporting Ukraine, citing this as the main reason for the increase in EMEA attacks.

DDoS attacks on gambling, commerce, and manufacturing firms were also higher in the EMEA than in all other regions combined.

Richard Meeus, Akamai’s Director of Security Technology and Strategy, EMEA, commented that, “as cybercriminals continue to follow the money, financial services remains a hugely attractive target. At the same, this is one of the most regulated sectors and hence it is essential for companies to align their security strategy with emerging laws and regulations.”

The world has witnessed an exponential increase in cyberattacks over the past decade, with cybercriminals becoming more sophisticated and relentless in their pursuit of valuable information. Among their prime targets, the financial sector stands out as a preferred choice for these digital adversaries. The reasons behind this preference are manifold, ranging from the enormous wealth at stake to the evolving technological landscape. In this article, we’ll delve into the reasons why cybercriminals are targeting the financial sector more than ever.

Enormous Financial Gain for cybercriminals

One of the primary reasons why cybercriminals are increasingly drawn to the financial sector is the immense financial gain it promises. Banks, investment firms, and other financial institutions store vast amounts of money, valuable assets, and sensitive customer data. A successful breach can yield substantial profits for cybercriminals through theft, fraud, or ransom demands. This financial motivation serves as a powerful driving force behind their relentless efforts.

Vulnerabilities in Digital Transformation

The financial sector has embraced digital transformation to streamline operations, improve customer experiences, and enhance efficiency. However, this very digitization has opened up new avenues for cyberattacks. As banks and financial institutions rely more on interconnected systems, applications, and online platforms, they become vulnerable to a wider range of cyber threats. Cybercriminals exploit these vulnerabilities to infiltrate networks, compromise user accounts, and siphon off funds.

Diverse Attack Vectors

Cybercriminals have at their disposal an extensive array of attack vectors, from phishing and ransomware to insider threats and social engineering. They continually refine their techniques to stay one step ahead of security measures. Financial institutions are targeted through various means, such as spear-phishing emails that deceive employees, malware-laden downloads, and even exploiting known software vulnerabilities. This diversification of attack methods makes it increasingly difficult for the financial sector to defend itself effectively.

Regulatory and Compliance Pressure

The financial sector is subject to stringent regulatory frameworks and compliance requirements designed to safeguard the interests of customers and the stability of the global financial system. Cybercriminals are well aware of this and strategically exploit non-compliance or security weaknesses to breach financial institutions. The cost of compliance often diverts resources away from robust cybersecurity measures, providing cybercriminals with a window of opportunity.

High-Profile Targets

Financial institutions are inherently high-profile targets, making them attractive to cybercriminals seeking notoriety and prestige in the cybercriminal underground. Successful attacks against major banks or investment firms garner significant attention, boosting the perpetrators’ reputation within the cybercrime community. This notoriety further fuels the cycle of attacks on the financial sector.

Insider Threats

Insider threats from current or former employees of financial institutions are a growing concern. Employees with privileged access can easily abuse their positions to steal sensitive data or facilitate cyberattacks. Cybercriminals often exploit disgruntled employees or use social engineering tactics to recruit insiders, making it challenging for organizations to defend against such threats.

Lack of Cybersecurity Awareness

Despite the growing threat landscape, not all financial institutions prioritize cybersecurity to the same extent. Smaller banks and credit unions, in particular, may lack the resources and expertise to adequately protect against cyber threats. This disparity in cybersecurity awareness and investment creates an environment ripe for exploitation by cybercriminals.

In Short

The financial sector is facing an unprecedented wave of cyberattacks, driven by the enticing prospect of immense financial gain, vulnerabilities in digital transformation, and a range of attack vectors employed by cybercriminals. Regulatory pressure, high-profile status, insider threats, and varying levels of cybersecurity awareness all contribute to the sector’s attractiveness as a target. As financial institutions continue to grapple with these challenges, it’s imperative that they prioritize cybersecurity to protect their assets, customers, and the integrity of the global financial system.