Global cyber threats to increase in the financial sector

FS-ISAC new report finds third-party risk, zero-day vulnerability, and ransomware will remain the top cyber threats facing financial institutions in 2022

The rapid digitisation of the financial services sector has led to an increase in global cyber threats in 2021, finds the Financial Services Information Sharing and Analysis Center (FS-ISAC), the only global cyber intelligence sharing community solely focused on financial services.

Announced in its annual Global Intelligence Office report, Navigating Cyber 2022, the company expects that in 2022 third-party risk, zero-day vulnerabilities, and ransomware groups will adapt to the changing cyber environment and continue to increase.  

FS-ISAC members represent over US$35tn in assets under management, with 16,000 users in 65 countries. Headquartered in the United States, the organisation also has offices in the United Kingdom, the Netherlands, and Singapore. 

Defending financial institutions against cyber threats

Several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms. Many of the major incidents over the past year have elements of all three trends recognised in the report, with third-party suppliers as the attack surface, zero-day vulnerabilities the key infection vector, and ransomware the end threat. 

These high-level trends translate into increased cyber activity for the sector on a daily basis. Member financial firms around the world reported high levels of social engineering such as phishing and business email compromise (the entry point for most attacks), the persistence of some of the most notorious malware strains often used to drop ransomware, and a new level of scale and sophistication.

"As the threat landscape continues to evolve at a rapid pace, cross-border intelligence sharing is critical to help defend financial institutions against cyber threats," said Steven Silberstein, CEO of FS-ISAC. "As the global fincyber utility, FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise, and capabilities to better manage cyber risks that the global financial industry faces on a daily basis."

Issuing more financial regulation 

Financial regulators around the world have already begun to issue more stringent guidance on third-party risk management and operational resilience. 

From the US Securities and Exchange Commission to the European Central Bank to the Monetary Authority of Singapore, authorities have signaled they plan to increase cybersecurity compliance obligations such as mandating cyber risk and incident disclosures, shortening notification windows, and holding firms accountable for service providers’ cybersecurity measures. Authorities are getting more involved in information sharing and warnings as geopolitical tensions increasingly play out in the cyber sphere, especially that of critical infrastructure. 

"The macro-level cyber landscape translates into increased cyber threat activity on a daily basis, as cybercriminals are endlessly inventive in how they gain access and leverage to extort victims," said Teresa Walsh, Global Head of Intelligence at FS-ISAC. "Phishing schemes continue to be one of the most popular tactics threat actors use to access networks. In fact, 24% of FS-ISAC member-reported incidents are phishing campaigns targeting employees."

 

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI