Phishing, ransomware are top cyberattacks on financial services firms

There's been a massive increase in the number of cyber incidents reported to the regulator. But many are the fault of internal failures, not hackers.


Phishing and ransomware attacks are the most reported types of cyberattacks on financial services firms, but in most cases the causes of outages were far more mundane.

Financial services firms reported 819 cyber incidents to their watchdog, the Financial Conduct Authority (FCA), last year, a huge rise on the 69 incidents reported the year before.

Retail banks were responsible for the highest number of reports to the regulator - 486 - followed by wholesale financial markets on 115 reports, and retail investment firms on 53, according to the results of a freedom of information request submitted by audit and consulting firm RSM.


The most common cause of an incident, perhaps reflecting the interconnected nature of IT infrastructure, was described as a "third-party failure" which accounted for 21% of reports. Hardware and software issues were blamed for 19% and change management for 18%.

The fourth most common cause of a problem was described as 'cyberattacks'. Financial services firms reported 93 cyberattacks in 2018. Over half of these – 48 – were phishing attacks (about the same number as were caused by human error), while 20% – 19 – were ransomware attacks.


RSM said that while the jump in cyber incidents looks alarming, it's likely this is due in part to firms being more proactive in reporting incidents to the regulator, plus the increased focus on security and data-breach reporting following the arrival of GDPR. 


A high proportion of cyber events were linked to change management, highlighting the risk of changes to IT environments not being managed effectively, RSM said.

The FCA would not comment on the new data, but in November last year it said that, in the year to October 2018, financial services firms had reported a 187% increase in technology outages, with 18% of all the incidents reported to it as cyber-related. It said that even with this, under-reporting of incidents is still a problem.

In particular the FCA said it was worried about the number of technology incidents reported, with many outages linked to technology platform changes and outsourcing failures.

"We've also seen a lot of recent outages caused by relatively small changes, usually made on a weekday evening," said Megan Butler – executive director of supervision for investment, wholesale and specialists at the FCA – in the speech in November. "We are worried that a lot of firms seem overly confident about their ability to manage flagship IT change programmes and keep their systems up to date."