In the current climate of notorious data breaches and the constantly evolving cyberthreat landscape, banks and financial services companies are under pressure. They usually operate on vast volumes of valuable financial and customer data. That’s why it’s critical to learn everything there is to know about the current cyberthreats to keep it all safe from hackers.
Security professionals at financial services firms and banks will be looking at both old and brand-new cyber threats during the next few years.
In this article, we line up the most important banking cyber threats that will become prominent in 2020. Read on to find out what threats banks are going to be addressing with technology and what are the potential solutions they’re going to explore this year.
In 2020, ransomware will remain one of the most significant challenges facing banks. After healthcare, financial services is the second most targeted industry for ransomware attacks.
Successful attacks not only reveal the lack of appropriate endpoint protection but also serve as a starting point for many other issues. For example, a breach can cause monetary damage. But most importantly, banks that don’t proactively protect against threats suffer from reputational risk among their customers.
This is only the tip of the iceberg. Other consequences of ransomware attacks are weekend staff morale and the need to pour plenty of IT resources into the response to the attack.
To adequately protect against ransomware attacks, financial institutions are going to concentrate on placing uniquely tailored layers throughout their networks to serve as obstacles that block malicious software.
The last few years have witnessed an increasing number of phishing scams. Some of them targeted specifically bank employees and attempted to obtain sensitive information such as usernames and passwords.
The idea here is inspiring the bank’s employees to click on links or open attachments. They then redirect them to fake websites where they’re encouraged to share their credentials and other personal information.
Once cybercriminals gain access to an employee’s email account, they will be able to:
- access critical company information,
- send emails on the bank’s behalf,
- use the employees’ social media accounts,
- gain access to internal documents and customer financial information.
As you can imagine, a breach like that could result in serious consequences – both financial and reputational. And that’s valid not only for the institution itself but for individual employees.
What is the number one way to combat phishing attacks? Employee training. In 2020, more and more banks are going to invest their resources into teaching employees about how to spot such messages and handle them. That begins, of course, with not clicking on any links and alerting IT workers immediately.
Many banks enter partnerships with third-party providers to reduce the costs associated with compliance. For example, rather than build their own solutions to meet compliance in-house, they source compliant resource solutions from cloud vendors and other partners.
However, by entering into this type of agreement, they may expose themselves to additional risks. After all, a bank’s security posture is going to be only as strong as the posture of its third-party vendors. If a vendor faces a cyber threats, it might lead to the bank facing a vulnerability as well.
With this idea in mind, in 2020, banks are going to take a closer look at their third-party contracts – especially in the context of cybersecurity threats. They will be asking who is responsible for protecting data, what regulations do vendors follow to remain in compliance, and what could actually cause things to go wrong.
Banks that fail to consider this risk may suffer from serious financial and reputation losses. That’s why choosing the cloud-based vendors carefully will become important too.
DDoS attacks through the IoT
Another weak link in the financial services infrastructure is the Internet of Things (IoT) and its many implementations. Cloud-based technologies are not the only examples of how new threats arise with new solutions.
In 2016, we witnessed the largest Distributed Denial of Service (DDoS) attack carried out through the Internet of Things. In this attack, unsecured IoT devices were hacked and, as a result, caused outages on sites like Amazon or Twitter.
Such threats aren’t going away in 2020. In fact, they might be growing even more complex because of the proliferation of IoT devices. This trend is only going to increase in the near future. Consumers now use monitors, tablets, and a wide range of smart devices that all communicate with the internet.
Every financial institution needs to take this threat seriously. For example, if an IoT attack brings down your company website, your customers might not be able to log into their bank accounts or use a mobile banking app. And if consumers can’t access their money until you gain control over the attack, your company’s reputation will suffer.
In the US, senators introduced the Bipartisan Legislation that aims to decrease the cyber risk of the IoT implementations. The legislation ensures that device manufacturers meet minimum cybersecurity requirements — for example, enabling device patching to address security vulnerabilities or allowing users to change the default password. This legislation should reduce the overall risk of IoT devices, but it doesn’t entirely eliminate that possibility. And banks will have to prepare for that in 2020.
Multifactor authentication and biometric threats
You might believe that Multifactor authentication and biometric authentication provide an unsurmountable challenge to cybercriminals. Unfortunately, this is not true.
For example, hackers were known to exploit the vulnerabilities in the configuration of systems or flaws in remote banking systems and bypass one-time passcodes. Other hackers used social engineering for SIM swapping to deal with multifactor authentication.
What about biometrics? Many banks were hopeful about introducing biometric authentication as part of their two-factor authentication programs. However, it shows not to be so simple in practice. Several cases have demonstrated that biometric technology is still far from a perfect solution to cyber threats.
For example, banks have been seeing implementation issues such as Google Pixel smartphone that doesn’t check whether the user’s eyes are open during the unlocking process that uses facial characteristics. Another trend emerged in Latin America: visual capturing attacks. Cybercriminals would install CCTV cameras and use them to record the pins people used to unlock their phones. This technique is very simple but very effective — both for those who prefer PINs to fingerprints or facial reading. After all, when a device is greasy or dirty, the best way to unlock it is by using a PIN.
That’s why in 2020, an increasing number of banks are going to introduce alternative methods of authentication. After all, no technology is perfect, and the recent cases have shown us that even seemingly bulletproof authentication methods can fall victim to cyber threats.
Cyber Threats in banking: The future of cybersecurity
In 2020, more and more banks are going to invest in cybersecurity measures and develop solutions that address the most common vulnerabilities abilities. At the same time, they are going to provide their customers with new ways of accessing financial services and examine the potential vulnerabilities in these new products. As a result, cybersecurity is going to become one of the critical technology trends in the financial services sector.
Would you like to learn more about future technology trends in banking? Feel free to browse our company blog, where we share our expertise in the topic. Our teams have worked with financial services enterprises and fintech startups on a variety of solutions that included cybersecurity.
If you have any questions, don’t hesitate to get in touch with our consultants – we’re always ready to answer your questions.
And if you’d like to learn more about technology trends in banking, here are a few articles you may also find interesting: