Financial Services: Cybercriminals’ Top Vertical Market Target

Cybercriminals attacked financial services organizations an average of 65 percent more than organizations in any other industry in 2016, according to a report from the IBM Security X-Force research team.

The IBM X-Force "Security trends in the financial services sector" report revealed more than 200 million financial services records were breached in 2016, up 937 percent year over year.

In addition, there was a 29 percent year-to-year increase in the number of cyberattacks launched against financial institutions in 2016.

Security Trends in Financial Services

The IBM X-Force report indicated key security trends in financial services include:

  • Insiders pose a major threat to financial services organizations. The report showed the financial services industry was more affected by insider attacks (58 percent) than outsider attacks (42 percent).
  • Malware dominates the financial services industry. Malware resulted in millions in losses for financial services organizations in 2016.
  • Financial services security incidents may be declining. The average financial services organization experienced 94 security incidents in 2016, down from 192 in 2015.

Also, many cybercriminals "decided to go directly to the source money" in 2016, IBM X-Force Practice Lead Nick Bradley said in a prepared statement.

How Can Financial Services Organizations Mitigate Risk?

IBM X-Force offered the following recommendations to help financial services organizations mitigate risk:

  • Implement an employee awareness training program. With ongoing training, employees will understand how to identify suspicious emails and avoid falling victim to phishing scams.
  • Minimize exposure to insider threats. A combination of data security and identity and access management (IAM) solutions can help a financial services organization protect its sensitive data and monitor access of all authorized users.
  • Take a cognitive approach to security. A security analyst can use threat intelligence in conjunction with unstructured data from blogs, websites and other relevant sources to evaluate security incidents. 
  • Create and deploy an incident response plan. A financial services organization can develop and implement an incident response plan to identify the necessary data to respond to a cyberattack and mitigate cyber threats.

Security trends and incidents paint a "troublesome picture" for the financial services sector, IBM X-Force stated. However, financial services organizations that understand their cybersecurity infrastructure can effectively track, analyze and mitigate cyber threats.

"Financial services organizations can strengthen their cybersecurity immune system with a focus on mitigating notable security pain points," IBM X-Force wrote in its report.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.