KUALA LUMPUR (March 12): The rapid digitisation of financial services, which accelerated with the Covid-19 pandemic, has led to an increase in global cyberthreats.
In its “Navigating Cyber 2022” report released on Friday (March 11), a global cyber intelligence sharing community solely focused on financial services, namely the Financial Services Information Sharing and Analysis Center (FS-ISAC), said its regional cyberthreat levels (CTLs) were raised from “guarded” to “elevated” three times during 2021.
It said in the past five years, CTL escalations — typically only one per year — were due to major world events like the Covid-19 outbreak and geopolitical tensions.
However, it said a string of high-profile cyberattacks and critical zero-day vulnerabilities caused an unprecedented three escalations because of the ubiquity of the affected parties within the financial sector’s supply chain.
FS-ISAC chief executive officer Steven Silberstein said as the threat landscape continues to evolve at a rapid pace, cross-border intelligence sharing is critical to help defend financial institutions against cyberthreats.
“As the global finCyber utility, the FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise and capabilities to better manage cyber risks that the global financial industry faces on a daily basis,” he said.
The report said third-party attacks pose significant risks to the financial industry due to reliance on a myriad of providers and suppliers.
It said financial institutions typically enjoy a higher security posture than other sectors, with more mature cybersecurity and intelligence programmes.
Truly impactful cybersecurity incidents within the sector are therefore relatively rare.
However, several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms, with resulting resources expended on assessing exposure, patching and additional mitigations, as well as increased compliance mandates for third-party operational resilience.
The FS-ISAC said zero-day vulnerability exploits are increasing due to the diversification of the kill chain.
It said criminals increasingly specialise in different stages of cybercrime, making it easy to simply buy (or sell) access to vulnerabilities without needing to know how to find them.
Meanwhile, it said ransomware groups operating in safe-haven countries often shut down temporarily to avoid international law enforcement, only to open months later under new names with few repercussions.
The FS-ISAC said member financial firms had reported high levels of phishing and business email compromise, which is the entry point for most attacks, as well as the persistence of notorious malware strains often used to drop ransomware.
FS-ISAC global head of intelligence Teresa Walsh said the macro-level cyber landscape translates into increased cyberthreat activity on a daily basis as cybercriminals are endlessly inventive in how they gain access and leverage to extort victims.
“Phishing schemes continue to be one of the most popular tactics threat actors use to access networks.
“In fact, 24% of FS-ISAC member-reported incidents are phishing campaigns targeting employees,” she said.