• Online Banking comprises 13% of the most frequently reported cybercrimes in 2021-2022 according to the ACSC Annual Cyber Threat Report.
• ANZ said it was fighting 10 million cyberattacks each month, including phishing attempts
  
• Westpac chief executive Peter King said the number of attacks had gone up during the pandemic, and ranged from opportunistic to much more sophisticated.
  

Cybercriminals choose their targets based on these two conditions - maximum impact and maximum profit. Banks and financial institutions perfectly meet these conditions because they store highly valuable data, and their digital transformation efforts are creating greater opportunities for cyber attackers to access that data.

5 Biggest Cybersecurity Threats in the Banking Sector  

1. Ransomware: Ransomware groups consider banks and financial institutions as attractive targets because they can steal valuable information and sell them online on the dark web. Attackers are looking to force banks to pay the ransom since the latter deal with a large amount of sensitive information. According to Sophos' The State of Ransomware in Financial Services 2022, Ransomware attacks on financial services have increased – 55% of organizations were hit in 2021, up from 34% in 2020.

2. Phishing: Kaspersky researchers reported the number of attacks via Banking Trojans stealing payment data, doubled in 2022 compared with 2021, reaching almost 20 million attacks. On Black Friday in particular, fraudsters used a new type of phishing scheme for the first time exploiting Buy Now Pay Later (BNPL) services. Westpac CEO calls it "phishing of [staff], or if you’re a high-profile target they talk about it as whaling.”

3. DoS Attacks: Denial of Service (DoS) attacks have also been on the rise in 2022 and this could be devastating for banks. The goal of these types of attacks is to overwhelm banks' servers using fake connection requests. The affected bank may be forced to go offline with difficulties in recovery in a short-term perspective.  

4. Remote work: With many banks and financial institutions now allowing employees to work remotely at least a couple of days per week, cybercriminals have a potentially much larger attack surface to probe and find weak points in. An employee with poorly configured home IT networks could be a gateway for attackers.

5. Supply Chain: Banks are using an ever-growing range of digital technologies for almost everything - from customer service to ATMs to cloud data storage. Any weak point in banks' IT supply chain could potentially allow attackers to enter your systems via the backdoor.

andersenIT Mitigation Checklist

To keep your information safe and secure online, remember these ANDERSEN tips:

A - Always back up your data. 
N - Normalise conducting regular security health checks
D - Detect and investigate abnormal activity with EDR tools
E - Ensure your operating systems, software, and firmware are up to date. 
R - Require multifactor authentication for all services to the extent possible. 
S - Segment networks to prevent the spread of cyber attacks.
E - Enable real-time detection 
N - Never click through to a link you do not recognise. 

andersenIT, a leading ICT Managed Services Provider, has a dedicated security team that has extensive experience in providing a professional, practical, and proven approach to cyber risk mitigation management. If you are looking to assess your Cybersecurity Health and build an effective security strategy, please email us at enquiry@andersenit.com.au.

Tags: cybersecurity threats, banking, financial services, insurance, risks, cyberattacks, cybersecurity in banking, cybersecurity in finance, banking and financing, security, top threats, biggest threats, cybersecurity trends, ransomware, dos, phishing, scam, email