In this article, we explore why financial institutions are lucrative targets for cybercriminals and the crucial need to fortify their defences for safeguarding customers' sensitive data and financial assets.
In today's rapidly evolving digital landscape, cybersecurity threats have reached unprecedented levels, with cybercriminals continuously refining their tactics. As we rely more on digital transactions and financial services, banks have emerged as prime targets for malicious attacks. According to Statista, the financial industry experienced an average data breach cost of USD 5.97 million in 2022.[1]
Banks are prime targets for cybercriminals due to several key factors:
1. The value of financial data
Banks play a vital role in safeguarding sensitive financial data, storing valuable information like customer account details, credit card information, and social security numbers. In 2022, over 17.5 million credit card numbers were sold on black markets and dark web forums.[2] Cybercriminals relentlessly pursue this data for unauthorised transactions, identity theft, and financial fraud. The potential financial gain from breaching a bank's security is significant, making them lucrative targets for cybercriminals.
2. The interconnectedness of the banking system
Banks are intricately interconnected through multiple channels, such as payment systems, clearinghouses, and third-party commercial service providers. However, the increasing complexity of third-party networks has enabled cybercriminals to redirect their focus towards software vendors and various system providers, exploiting their vulnerabilities. This interconnectivity implies that a successful cyberattack on a vendor can have far-reaching effects on the entire supply chain and financial ecosystem. Such attacks can disrupt transactions, compromise the integrity of financial data, and lead to widespread financial instability. The consequences of a single breach can reverberate across the entire supply chain, affecting both financial institutions and their customers.
3. The opportunity to exploit human error
According to an IBM study, an alarming 95% of cybersecurity breaches stem from human error.[3] In a recent case known as the Jamtara scam, six cybercriminals were apprehended for posing as customer service representatives from reputable banks in India. By deceiving innocent individuals into sharing their personal and financial information, they managed to extract over GBP 100,000 from victims' accounts.[4] This incident serves as a reminder of human fallibility, which cybercriminals readily exploit.
Another concerning factor is the widespread practice of reusing usernames and passwords across multiple platforms. A study by SpyCloud in 2021 found that that 70% of users exposed to data breaches were guilty of password reuse.[5] Cybercriminals exploit this behaviour, along with other human vulnerabilities, to specifically target bank employees and customers. Their objective is to gain unauthorised access to accounts and sensitive financial information. Once inside the banking infrastructure, attackers can engage in malicious activities, including fund theft, unauthorised transactions, identity theft, or even compromising the entire banking system.
How can banks mitigate cybersecurity risks? Synpulse has identified seven ways for banks to effectively manage the risks associated with cyber threats:
The increasing sophistication of cybercriminals underscores the utmost importance of robust cybersecurity measures in the banking industry. The value of financial data, the potential impact on customers, and the interconnectedness of the banking system all highlight the need for proactive security measures.
In our next article, we will be exploring the cybersecurity threats that banks face as well as the regulatory landscape in the UK.
If you’re interested to find out more about cybersecurity in banking or discuss your requirements in more detail, please feel free to contact us for an initial conversation.
1 Average cost of a data breach worldwide from May 2020 to March 2022, by industry (Statista, 28 April 2023).
2 Finance Threat Landscape Report: 17.5M Credit Card Numbers Sold on Blackmarket (SOCRadar, 21 October 2022).
3 The role of human error in cybersecurity breach (Engineering News, 29 August 2022).
4 How 2,500 people were duped by 6 men in Jamtara posing as customer care officials
(The Indian Express, 20 April 2023).
5 70% Password Reuse: Password Security Needs a Forced Reset (SpyCloud, 8 October 2022).