IBM X-Force: Financial Services Most Targeted By Cybercriminals in 2016

IBM X-Force: Financial Services Most Targeted By Cybercriminals in 2016
27.04.2017 11:30 am

IBM X-Force: Financial Services Most Targeted By Cybercriminals in 2016

Security

 IBM Security today announced research from its IBM X-Force Research team which revealed the financial services industry was attacked more than any other industry in 2016 – 65 percent more than the average organization across all industries. 

As a result, the number of financial services records breached skyrocketed 937 percent in 2016 to more than 200 million. While the financial services industry was targeted the most by cyber-attacks in 2016, data from the IBM X-Force Threat Intelligence Index shows it ranked third by industry for the number of breached records - likely due to investments in security practices.

The financial gains associated with corporate and customer data available throughout the financial sector proved appetizing to cybercriminals in 2016. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015. Interestingly, in 2016, cybercriminals were able to steal significantly more records with a flat year-over-year number of publicly disclosed incidents tracked by IBM X-Force. 

"Cybercriminals have always gone where there is money to be made. While financial services has been a highly targeted industry by cybercriminals, in previous years, their main focus shifted to other more lucrative industries like healthcare or retail," said Nick Bradley, Practice Lead, IBM X-Force Threat Research. "However, in 2016 we saw a significant resurgence to financial services as criminals decided to go directly to the source money." 

Insiders Pose Largest Threat to Financial Services
In looking at ways the financial services sector was attacked in 2016, the report found that the industry was more affected by insider attacks (58 percent) than outsider attacks (42 percent). This shows the genesis of many of the breaches were a result of malicious activity.

Malicious activity inside an organization can be a result of an inadvertent act (53 percent) such as an employee accidentally being tricked to download a malware-laden document through a phishing email which then gives attackers access to information. Many of these attacks occur without the user being aware of it.

Financial Malware Continues to Thrive
IBM X-Force found that some countries experienced a marked increase in financial cybercrime in 2016. Cybercriminals sharpened their focus on business bank accounts by using malware such as Dridex, Neverquest, GozNym and TrickBot to target business banking services. Given the better defenses at large financial institutions, IBM X-Force researchers recently identified TrickBot malware campaigns targeting the less common brands in the industry, like private banks, wealth management,  and high value account types, indicating this ambitious malware gang plans on attacking in new territory.

Mitigating Risk
As cybercriminals continue to pivot and identify lucrative tactics to steal valuable information, IBM X-Force experts recommend the following tips to protect financial services organizations from attacks: 

  • Conduct Employee Awareness Training: Continuously train and test employees to teach them how to identify suspicious emails to avoid falling victim to phishing scams.
  • Reduce Exposure to Insider Threats: Combine data security and identity and access management solutions to protect sensitive data and govern the access of all legitimate users.
  • Apply a Cognitive Approach: Augment a security analyst's ability to identify and understand sophisticated threats by tapping into unlimited amounts of unstructured data from blogs, websites, research papers and the like, and correlating it with relevant security incidents.
  • Develop and Implement an Incident Response Plan: Identify the data necessary to respond to an attack, understand how to mitigate an attacker's access.

Related News

Increased Contactless Spending Could Be Linked to Higher Fraud and Payment Disputes, Warns Global Risk Expert

Monica Eaton-Cardone, COO and Co-Founder of merchant dispute specialist, Chargebacks911, and its revolutionary new financial institution brand, Fi911, warns of... Read more »

Sysnet Adds New Features to its Revolutionary Proactive Data Security Solution

Sysnet Global Solutions, the leading provider of cyber security and compliance solutions, is... Read more »

UK Banks Outperform Rest of Europe in Reducing Card Fraud

UK banks achieved the biggest reduction in card fraud losses last year among 18 countries across Europe, according to the updated FICO European Fraud Map. More... Read more »

Mortgage Lender Specialist Aldermore to Adopt the DPR Distribution Hub

DPR, the provider of savings and lending origination and servicing solutions, has announced Aldermore as... Read more »

TransUnion to Support Newly Promoted Leeds United

TransUnion – one of the UK’s leading credit reference agencies and a global information and insights provider – is celebrating the start of an exciting new... Read more »

SmartSearch ‘TripleCheck’ Sets a New Standard in AML Security

Anti-money-laundering (AML) specialist SmartSearch has launched TripleCheck, a ground-breaking new digital Know Your Customer (KYC) and AML solution.

... Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel