The financial sector has long been a lucrative target for criminals of all types and this will not be changing anytime soon.
However, it is not just dodgy insider dealings, scam artists, and bank robberies that can cause players in the financial sectors a headache -- now, it is the threat of cyber intrusion, surveillance, and data breaches.
Banks, investment firms, and financial services all handle sensitive data, including account details, home addresses, contact details, Social Security numbers, information relating to investment portfolios, and more. If these records end up in the wrong hands, this can result in social engineering, account hijacking, and potentially ID theft or the batch sale of records in the Dark Web.
Like moths to a flame, this data is an attractive lure, and as such, cyberattacks levied against financial institutions are on the rise and will likely to continue to do so in the future.
According to new research released by cloud security firm Bitglass, from January to August this year, there were close to three times as many reported data breaches in the sector in comparison to the same period of time in 2016.
The report, which examines the current state of cybersecurity in the financial sector and uses information aggregated data from the Identity Theft Resource Center (ITRC) and the Privacy Rights Clearinghouse (PRC), says that 37 data breaches were reported in 2016, and 103 incidents have been reported so far in 2018.
According to Bitglass, attacks involving hacking, exploits, and the deployment of malware were responsible for close to 75 percent of all data breaches recorded in the financial sector over the course of this year. This has raised from roughly 20 percent over the past several years, in which breaches may have also been caused by insiders, human error, and third-party compromise or security failures.
Guaranteed Rate, SunTrust, and RBC's Travel Rewards were among the financial services this year which lost the most records due to a successful cyberattack.
A successful phishing attack at mortgage firm Guaranteed Rate ensured the theft of over 187,000 customers and staff records in which names and Social Security numbers were exposed.
In the case of SunTrust, a former employee stole -- and potentially shared -- 1.5 million customer records which included names, addresses, phone numbers, and account balances. The company rapidly signed up all of its customers to identity protection services.
60,000 users of RBC's Travel Rewards website were also involved in a data breach which exposed payment card information.
Bitglass' analysis suggests that the top threats facing the financial sector this year are the WannaCry ransomware and the modular banking Trojan Emotet, as well as more general cloud-based cryptojacking schemes and ransomware-as-a-service platforms.
"Breaches can harm organizations' reputations and, consequently, revenues," Bitglass says. "Financial services firms that want to succeed simply cannot afford to maintain a lax security posture. Because of careless and malicious insiders, evolving malware, new phishing schemes, and much more, financial services firms face a wide variety of threats.'
Last month, an academic study revealed that many popular password managers, in use today by both consumers and businesses on the Android operating system, can be tricked by phishing schemes and malicious applications.
Many mobile password managers have trouble associating a user's stored website credentials with a mobile app and creating a link between legitimate services, a weakness which has become ripe for exploit.