Financial cyber attacks triple since 2016
Written by Hannah McGrath
The number of cyber security breaches to hit financial services firms trebled in the first eight months of 2018 compared to the previous two years, according to a new report.
Bitglass, a cloud access security broker (CASB), analysed the incidence of security threats and breaches across the financial services sector worldwide and compared the results for 2016 and 2018.
It identified nearly three times as many breaches in 2018 than there were in the same period in 2016, which the report attributed to “explosive growth” in hacking and malware on a global scale.
The report recorded 103 breaches in 2018, far outstripping the 37 incidents recorded for the same period in 2016.
The findings come in the same week Tesco Bank was fined £16.4 million by the Financial Conduct Authority (FCA) over failing related to a cyberattack that left customer data exposed in 2016, while the Equifax credit ratings agency was fined £500,000 by the Information Commissioner’s Office earlier this month for failing to protect the personal data of 15 million customers.
Hacking and malware were behind nearly three quarters of the breaches in cyber security in 2018, up from 20 per cent of incidents in 2016, reflecting the growing sophistication of malicious actors’ methods of infiltrating company systems and networks.
The largest breaches recorded in Bitglass’ analysis of security databases included an attempt on US-based SunTrust Banks, where 1.5 million customer records were potentially exposed, and an attempted attack on Canada’s RBC Royal Bank, which left 66,000 records exposed.
The top three breaches in financial services alone in 2018 each exposed more records than the sum total of all breaches in Bitglass’ 2016 report, suggesting not only that breaches are becoming more frequent, but that they are growing larger in scale. This compares to a much lower total number for 2016, when 64, 512 records were breached.
The report also identified a number of emerging threats to financial firms in 2018, including cryptojacking - the unauthorised use of someone else’s computer for cryptocurrency mining - ransomware-as-a-service platforms, and ransomware attacks, like the worldwide WannaCry attack which affected the Microsoft Windows operating system in May 2017.
Rich Campagna, chief marketing officer at Bitglass, said: “Financial organisations regularly handle sensitive, regulated data like home addresses, bank statements, and Social Security numbers.
“This type of information is an incredibly attractive target for criminals, meaning that financial services firms need to be highly vigilant when it comes to cybersecurity,” he continued, adding: “Failing to protect data and reach regulatory compliance can spell disaster for any company.”