Cyber threats to the financial sector have exploded in the past year — and Covid-19 was the likely catalyst.
According to a report from the Financial Stability Board (FSB), instances of cyber attacks such as phishing, malware and ransomware surged during the pandemic — soaring from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April of this year.
This sharp increase in cyber attacks followed a rapid shift to remote working arrangements and the increased digitalization of financial services, the FSB noted.
The financial sector has proven the most popular target of cyber criminals, accounting for 25.4% of pandemic-related cyber events, according the FSB report.
The professional, scientific and technical services sector ranked close behind at 24.4%, with the public administration sector a distant third at 15.6%.
According to a report on cybersecurity trends from the FS-IAC Global Intelligence Office, the economic turmoil created by the pandemic also helped “make cybercrime an ever more attractive alternative, especially in certain areas of the world with high concentrations of technically skilled workers with few career options.”
Alongside the pandemic, other factors have driven the recent increase in cyberattacks, the FS-IAC suggested.
These include the ongoing “commoditization of malware,” new ransomware tactics and the increased reliance of financial industry firms on a small number of external suppliers.
Looking ahead, the FS-ISAC said it expects “third party risks and geopolitical tensions especially will escalate as factors cybersecurity teams need to manage.”
The FSB noted that the industry’s growing reliance on a handful of external tech suppliers represents a potential weakness.
“While outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities,” the FSB said. “Effective management of such risks across the supply chain is essential to mitigating operational and cyber risk.”
Additionally, the FS-ISAC suggested that surging cryptocurrency values “may drive threat actors to conduct campaigns capitalizing on this market, including extortion campaigns against financial institutions and their customers.”