Why Do Hackers Target Finance? Follow the Money.

There are some sobering statistics on the state of cybersecurity threats and financial institutions:

• Cost to deal with a cyberattack? $18 million per firm (vs. $12 million for other industries)
• Financial firms fall victim to cybersecurity attacks 300 times more than other businesses.
• How many times American businesses are attacked per year? 4 million. Financial Services? 1 Billion.

Besides the $16.8 billion dollars that banks lost in 2017 – what else is at stake? For starters: regulatory fines, litigation, negative media coverage and response, credit monitoring for customers, brand reputation and lost business. 

Cyberattacks are nothing new, nor is active targeting of financial institutions. What is new, is the urgency around doing something about it. As an exercise, log into any number of online accounts where you could pay a bill – financial or otherwise. Are you challenged with a secure multi-factor authentication request? If not, that is one of the most gaping lapses in cybersecurity best practice. It affirms the premise, that every component in the IT infrastructure can be in place from an IT Security perspective, yet that login event can provide the keys to the entire kingdom. One final number: 81% of all data breaches are caused by weak and stolen passwords. The fix? Strong MFA with a trusted organization that focuses on this issue exclusively.

One of the misnomers is that when we discuss ‘financial institutions’ we think of banks – maybe insurance companies.  The truth is many organizations are in the finance business, even if they are not identified as such. When I buy a car, I finance it as part of the service the dealership offers. If I shop at an online retail outlet, they typically offer financing or a credit card. Large hospital bill? Finance it and make payments. In everyone of these scenarios (which are common to everyone), I am not challenged on my login. I enter in my user name, a common password and I have access to my statements, payment methods, account status – in other words – all of it. This isn’t including actual banks, which aren’t much better. As consumer, I make assumptions that my information is safe and the organization that has it treats it seriously. As a cybersecurity professional, I’m not so sure.

The good news is that there are indeed solutions to these problems and implementing them appear to be on the rise. It can be difficult to implement new procedures. Since cybersecurity became a real issue, there has always been a push-pull between strong IT Security and end-user behavior and adoption. These two competing forces have made for uneasy bedfellows.  Strictly referring to multi-factor authentication, the winning product is going to have easy deployment, easy maintenance and easy end-user adoption. This will involve a product set that offers choices. No IT ecosystem is the same and an organization needs to be offered a highly flexible toolset that can accommodate 99% of their needs – for both employees and customers.

For financial institutions, it’s not a matter of ‘if’ and not even a matter of ‘when’ a hack will occur. The question is how many successful hack attempts have been perpetrated to date and how much damage has been done or is being done as you read this.

If that’s not sobering, I don’t know what is.

Category: Industry News

MFA