Cyberattacks on the financial sector have been steadily increasing. According to VMware, financial institutions experienced a 238% increase in cyberattacks within the first six months of 2020 alone. In 2021, the trend continued, with financial institutions and fintech companies being hit by ransomware, phishing, SQL injection, social engineering, and denial-of-service attacks, among others.
Government agencies have sought to stem the trend with regulations, resources, and regular warnings. But has this been enough, and can financial institutions and fintech companies do more to protect the sensitive data of their customers and their own proprietary information? The answer is yes, and it involves executives gaining a better understanding of the progression of cyberattacks on the financial sector and responses to them, along with implementing best practices for cybersecurity that address current threat vectors.
On September 14, 2007, the online brokerage TD Ameritrade reported that it had experienced a data breach that resulted in the theft of 6.3 million customer account records. It was one of the first major wake-up calls for the financial sector and sadly would be followed by many others. A report by the Boston Consulting Group stated that financial services firms are 300 times more likely to experience a cyberattack than businesses in other industries. Their costs from a cyberattack are higher too. Accenture reported that the average cost of cybercrime per financial services company in 2018 was $18.5 million, compared with $13 million for companies in other sectors. It is likely that amount has increased. The good news is that there is now greater awareness, and there are measures in place to help combat cybercrime. This heightened awareness coupled with best practices can be extremely effective.
Serious cybercrime incidents in 2021
Since tracking and reporting of cyberattacks began, there has been a long pipeline of various cyberattacks on banks, credit unions, credit card companies, mortgage lenders, investment firms, cryptocurrency platforms, etc. worldwide. Cybercriminals have included Russian hacking groups like TA505, ransomware groups like DarkSide and Ragnar Locker, international crime…