The financial sector was hit hard by cyber attacks in 2018.
According to the 2018 Financial Breach Report by Bitglass, 2018 has been far more dangerous than 2016, the last year that Bitglass conducted a financial breach report.
In 2018, there were nearly three times as many breaches as there were two years ago. This is largely due to the explosive growth of hacking and malware around the world, detailed the Next-gen CASB (Cloud Access Security Broker) company. And many of these were aimed squarely at financial services.
“Financial organisations regularly handle sensitive, regulated data like home addresses, bank statements and Social Security numbers,” said Rich Campagna, CMO of Bitglass. “This type of information is an incredibly attractive target for criminals, meaning financial services firms need to be highly vigilant when it comes to cybersecurity. Failing to protect data and reach regulatory compliance can spell disaster for any company.” For this report, Bitglass aggregated data from the Identity Theft Resource Center and the Privacy Rights Clearinghouse.
From January to August of 2018, financial services firms experienced 103 breaches, compared to the 37 recorded over the same time frame in 2016.
Not only were there more breaches, the breaches caused far more damage.
The top three breaches in 2018 were SunTrust Banks (1.5 million records exposed) Guaranteed Rate (188,000 records exposed), and RBC Royal Bank (66,000 records exposed). In 2016, the sum total of all breached records was 64,512.
In the case of SunTrust Banks, a former employee of SunTrust Banks stole (and possibly shared) 1.5 million customers’ names, addresses, phone numbers, and account balances.
As for RBC Royal Bank, an unauthorised party accessed the bank’s Travelocity platform and stole the payment card information of 66,000 users of RBC’s Travel Rewards website.
The increase in breaches is likely due to a large number of reasons, indicated Bitglass. Some organisations may be overly reliant on existing cybersecurity infrastructure and find it difficult to justify additional expenses in light of their existing sunk costs in security. Other firms may simply overrate what traditional endpoint and premises-based tools can do to protect data from evolving threats.
A Full Onslaught Of Hacking And Malware
Hacking and malware were responsible for nearly three quarters of all breaches in 2018. This is a massive increase over previous years, wherein they were responsible for 20% of breaches.
Noteworthy threats to financial firms in 2018 include cloud cryptojacking, ransomware-as-a-service platforms, modular banking trojans like Emotet and ransomware like WannaCry.
With malware continuing to spread and evolve, the financial services sector should be very concerned about it, stated Bitglass. “It is now clear that defending against malware deserves special attention. This is particularly true in light of the rise of cloud and BYOD. More devices and applications are storing and processing data than ever before, creating more opportunities for malware to infect the enterprise.”
The sector can do far more to secure sensitive information, Bitglass advocated.