Financial Services: Web Application Attacks Grow by 38% In First Half of 2021

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

During his career in the middle of the last century, professional bank robber Willie Sutton made off with an estimated $2 million in stolen money. Urban legend has it that when a journalist asked Sutton why he robbed banks, he replied, “That’s where the money is.” In later interviews, Sutton disclaimed the quote. Regardless, the point is well-made and applies to the financial services sector to this day.

While an old-fashioned bank robbery can never be ruled out, straight-up stealing money from a brick and mortar bank is very much a “last-century” approach. Today, the currency that the cybercriminals are after is personal data, and the attack surfaces are the web applications that customers, partners, and employees use to conduct a wide range of online financial transactions.

Make no mistake: financial institutions are still “where the money is.” Financial services hold the dubious title “most-breached sector”, accounting for 35% of all data breaches. To the delight of cybercriminals, the COVID-19 pandemic has driven large-scale growth in online banking, dramatically increasing the volume of sensitive customer data that’s available to steal. At Imperva, our research demonstrates how these realities are changing the threat landscape for the financial services sector. As the COVID-19 pandemic dragged into 2021, Imperva Research Labs reported that between January and May 2021, web application attacks on the financial services sector increased 38%.

Web App attacks image 1

The 5 top security threats in financial services

Sensitive data breaches

The surge in online banking and wider digitalization within the financial services sector has resulted in most organizations needing to manage dramatically higher volumes and greater complexity of data. This, along with the prospect of stricter data privacy laws on the horizon, is making sensitive data protection an unprecedented challenge.

The speed of change in this industry imperils security controls being applied to all data stores, which exposes many financial services organizations to increased risk and vulnerability to a data breach. Cybercriminals know this. Attacks on sensitive data are escalating at an alarming rate. Imperva Research…