Nearly two thirds of large financial institutions have been targeted by significant cyber-attacks, according to new research.
A survey of cybersecurity leaders by California-based Contrast Security found that 60% of global financial companies had been affected by “destructive” cyber-attacks in 2022, that aim to delete data or otherwise cripple banks’ internal systems.
The same proportion had been hit by “watering-hole” attacks that hijack websites or apps used by customers, the survey showed.
“Over the past year, attacks have included banking trojans, ransomware, account takeover, theft of customer data and cybercrime cartels deploying ‘trojanized’ finance apps to deliver malware in spear-phishing campaigns,” Contrast Security’s report stated.
“Given that backdrop, cybercriminals became punitive, escalating intrusions by launching destructive attacks against [financial institutions].”
The company’s chief information security officer Dave Lindner added that attacks were only going to become more commonplace as more weaknesses and vulnerabilities are identified in software and computer systems.
“The increase [in vulnerabilities] will continue in 2023, creating more potential avenues of attack for malicious actors, and requiring organizations to prioritize zero-day runtime protection now,” Lindner said.
Cybersecurity is the top priority for bank chief risk officers this year, according to a recent report from EY. Nearly three quarters of those surveyed say it is among their top five priorities for 2023, with EY adding that CROs “see cyber risk everywhere”.
Meanwhile, although many banks have been investing in new and more robust IT systems in recent years, the Federal Deposit Insurance Corporation’s risk program overseeing cybersecurity is “outdated” and may be missing significant issues, an internal audit report found.