As highlighted in the Verizon 2017 Data Breach Investigations Report, the financial services sector continues to be a target of cyberattacks. That said, the trend has also shifted to other verticals, such as healthcare with the recent WannaCry attack and other hospital data breaches. One hopes, as the report suggests, that banks’ significant investments have paid off, and that the reduction in overall incidents is a demonstration of their improved security posture. Of the reported attacks, most were associated with DDOS, and the rest were primarily skimming efforts used in stealing card data.
Account take overs continue to be a pestilence for the banking industry although improvements in fraud detection and authentication have reduced the success of these types of attacks. Meanwhile, insider privilege misuse continues to rise and banks will clearly need to make more investment in their systems and behavioral analytics to protect themselves.
These types of security improvements may have reduced the number of financial services breaches. On the other hand, we must also examine an alternate theory: That the sheer availability of financial data has reduced its value and, therefore, prompted criminals to seek more fruitful avenues—for example, health care data and its rich bounty of Social Security numbers or and other personal identifiers. Analysts of the U.K. health system’s WannaCry breach estimate that medical information could be worth ten times more than credit card numbers on the Dark Web.
Even in these cases, however, cybercriminals often seek to monetize attacks. Their activity will often still touch financial institutions, who will continue to bear the brunt of monetary losses associated with cybercrime regardless of the originally targeted industry.
Further, we can expect to see a rise in mobile and cloud-based attacks as these technologies gain consumer adoption. To blunt these threats, communication across the financial industry and across vertical industry lines will be one of the best defenses as the business of cybercrime continues to keep pace with the technical evolution.