Governance, risk & compliance
“This means we are more digitally connected than before. As a result, we now have a much larger and complex attack surface – where employees operate in different locations, from different networks or outside of the organisation’s perimeter and on both corporate and personal devices.” Simply put, remote working creates all kinds of security weaknesses that opportunists can exploit. Home devices may be more vulnerable to malware, secure file sharing isn’t always secure enough, and home users may engage in riskier behaviour (including sharing devices with family members) than they would in the office.
On top of that, individuals are spending longer on their devices than they did pre-pandemic, and more customers have migrated to online banking. Taken together, these shifts pose significant new risks. The pandemic itself, as an emotive subject, has also created opportunities for malicious actors. “Cyberthreat actors are capitalising on the sentiments arising from the pandemic by disguising as legitimate Covid-19-related emails or applications,” says Illuz. “They are tricking individuals into disclosing their personal information and credentials that allows them to gain unauthorised access to networks, or to make financial gains.” A key example is vaccine-related phishing campaigns, in which scammers send a text or email inviting the recipient to get their vaccine. One such message, purporting to be from the NHS, asks the recipient to click on a link, before asking them for their bank card details.
A perfect storm
All this has created a perfect storm of dangers and led to a drastic rise in cybercrime. According to research by McAfee, cybercrime costs are expected to top $1trn for the first time in 2020, a 50% rise on 2018 and over 1% of global GDP.
Other research, from VMware Carbon Black, found a 238% increase in cyberattacks between February and April 2020, along with a ninefold increase in ransomware attacks. What’s more, the sophistication of these attacks has increased since the start of the coronavirus pandemic.
“Cyberthreat actors are increasingly opportunistic in leveraging emails, instant messaging platforms, short message services and websites to support their malicious activities and reach end-users and businesses,” says Illuz.
“Some cybercriminal groups have also moved their infrastructure to the cloud to hide among legitimate services. They are taking advantage of organisations and people’s propensity to do good during times of crisis to encourage them to make mistakes.” We might think of coronavirus charity scams, in which bad actors pose as a charity or person in need in order to solicit donations.
Future Banking /
www.nsbanking.com
Illuz adds that organisations have become more susceptible to polymorphic phishing attacks, in which a bad actor modifies the phishing email slightly to evade detection by automated network security measures. These emails sometimes slip through to end-users and the likelihood of compromise is higher. During the first wave of the pandemic, Google said its systems detected 18 million malware and phishing Gmail messages a day, plus 240 million spam messages, all relating directly to the pandemic. It also flagged up “more than a dozen” attacker groups backed by governments, which were using Covid-related themes as bait. “From January to April 2020, our Cyber Defence Centre noted a significant increase in cybersecurity incident reports – the lion’s share of those were suspected phishing incidents, of which some were confirmed Covid-19 themed phishing emails,” says Illuz.
What is to be done?
So what can financial institutions do to defend themselves and their customers against these new cybersecurity risks? At any rate, it is clear they are taking the threat seriously, with many ramping up investment in the field. According to a study by Deloitte, financial institutions spent an average of $2,700 per employee on cybersecurity in 2020, up from $2,300 in 2019.
This is shadowed by work at specific banks. In November, for instance, Lloyds Banking Group announced it had introduced a £500m technology project to enhance protection against hackers. Through improving its two-step verification process and providing branch staff with the latest technologies, the British lender hopes to make it harder for malicious actors to hack customers’ bank accounts. NatWest, meanwhile, has partnered with two companies, Featurespace and Malwarebytes, to protect its customers against fraud. Featurespace develops enterprise financial crime prevention software, while Malwarebytes provides advanced cybersecurity solutions for online banking. Standard Chartered, for its part, has invested in a start-up called Secret Double Octopus that offers multi-factor authentication without passwords. The idea is that business users can log into their system via techniques like facial recognition. This cuts the costs associated with repeated password changes and tightens security – passwords are responsible for 81% of breaches, according to Verizon.
The bank has also been using tools like machine learning to enable better screening of suspicious activity and has increased its virtual private network (VPN) capacity by 600%.
52%: The percentage of cyberattacks in March 2020 that were finance-related. (Carbon Black)
95%: The percentage of IT professionals reporting additional challenges around security as a result of Covid-19. (Tech Republic)