The Facts about Financial Services and Cyber Attacks

Author: Crypsis | A Palo Alto Networks Company October 30, 2020

Financial Services and Cyber Attacks

As cyber criminals grow in both number and sophistication, their targeting has become more strategic, focusing on maximum effectiveness and profitability. As data pours in on global cybercrime, one industry has solidified its position as a target of choice: financial services.  

Even though financial service organizations consistently outspend most of their vertical sector peers in cybersecurity staff, tools, and associated investments, the cyber hits keep coming.


Below, we outline three key reasons why financial institutions are the top target for cybercriminals, the most prevalent cyber attack types, and how organizations can fight back.

1. Targeting Financial Service Organizations Pays Big

It’s no coincidence that financial service organizations are disproportionately targeted by threat actors; the rationale is quite simple.

Threat actors target organizations that have what they want and what pays big — money, data that can be sold for money, and vulnerabilities that enable access to both.

Threat attackers are becoming more sophisticated with their approach to targeting and how they determine the most profitable industries, organizations, and individuals. Cyber criminals are doing more research and reconnaissance every year to better target victims in order to maximize their financial return and likelihood of success.

With a plethora of rich financial and data assets, financial services organizations are the optimal target. Not only do they control and manage valuable data, but they are also challenged to meet the growing demands of customers; namely, digital services.

2. Customers Demand Digital Service Models and Apps

Customer demand for convenient and immediate access to financial data is driving yet another vulnerability for financial organizations. Cloud technologies, data analytics, and robotics are becoming essential tools for larger institutions as they work to meet the challenges of the digital economy. But these new technologies expand the attack surface and the ability for threat actors to isolate vulnerabilities.

To help organizations meet digital demands efficiently, more capable and secure digital service models and third-party vendors are required, but that often leads to more security complexity. These increasingly complex IT systems are harder to secure end to end, and a focus only on meeting regulatory compliance can leave gaps.

In contrast to larger institutions, smaller financial businesses including accounting firms, credit unions, and asset managers may not have the expansive IT or security staff on site to provide in-depth cybersecurity services. These smaller firms may also use email to conduct financial transactions, presenting an opportunity for threat actors to insert themselves into the process. Another potential point of vulnerability that can affect smaller firms even more heavily than larger firms (though both are affected) is leveraging third-party providers via remote access technologies, which can be configured insecurely without the financial institution’s knowledge.

3. Inconsistent Monitoring and Management

Securing digital assets is not a one-and-done process; it requires ongoing monitoring and management to keep pace with the constant evolution of both the digital landscape and in-use systems. 

However, sourcing the right internal IT security personnel and third-party cybersecurity vendors to support this technology can be challenging for organizations of all sizes.


Implementing IT infrastructure takes time and expertise. It requires organizations to source the right team members to educate and lead the organization through new processes. Additionally, monitoring and managing data security requires constant training, vulnerability testing, and a focus on staying ahead of new and evolving threats. As new cloud-based technology is adopted, team members must also understand the “Shared Responsibility Model” and how to execute cloud security controls and settings that protect sensitive data.

What Types of Attacks Threaten Financial Services?

While financial services is affected by the full span of threat types, our research discovered that two threat types were most frequently waged in 2019 to target financial institutions: business email compromises and insider attacks. 

Business email compromise is the unauthorized access to your email systems. It can include but is not limited to: fraudulent wire transfer requests, spam or phishing emails sent from your domain, and missing or deleted emails. With so many email accounts directly accessible from the internet, stolen credentials can lead to not only loss of funds, but also a breach of sensitive data.

Insider attacks occur when a member of your organization removes or reveals data or information for personal or financial gain or to damage the reputation of your organization. Insider attacks can include leaks of confidential information, theft of intellectual property, and unauthorized access to sensitive information. 

In addition to these attack types, financial services organizations were disproportionately affected by inadvertent disclosure of sensitive data—the accidental exposure of sensitive data, often through misconfigurations of cloud settings or web-facing applications. Because financial services organizations rely heavily on cloud solutions and customer-facing applications to keep up with data management and customer service models, the opportunity for error is increased--and threat actors continually scan for such opportunities to compromise exposed data. 

Learn more about cybersecurity threats and trends in the 2020 Incident Response and Data Breach Report.

How Can Financial Service Organizations Stop Cyber Attacks?

To appropriately protect your financial services organization from cyber threats, investing in cybersecurity testing and training is essential.

This includes conducting biannual, in-depth security awareness training that goes beyond the basics, so employees learn to spot advanced threat tactics. The training program should include customized modules focused on each group in the company, addressing how they may be targeted. Training examples should cover advanced phishing techniques (getting iteratively harder each time), a broad range of social engineering tactics, signs of insider threat activities (as well as providing anonymous methods to report issues), and physical security. 

Focused, in-depth training of security and IT personnel on cloud platforms is also essential. 

Should you require additional support, managed security services that offer 24/7 monitoring and response capabilities are an excellent way to support smaller IT operations, but larger organizations often use them as well due to the increasingly specialized skill sets needed in today’s environments.

To help optimize and prioritize security expenditures, security assessments and penetration testing conducted with the appropriate level of rigor can identify weaknesses and better target investments.

No industry is without vulnerabilities, but financial service organizations are bearing the brunt of cyber attacks because of the financial and data assets they control. Ensuring that security investments are targeted in the right areas and that staff is trained appropriately to monitor and manage threats will help financial services organizations better weather the hacker storm.

Download the 2020 Incident Response and Data Breach Report for a detailed review of the most pervasive and impactful cyber threats and incident investigations.

Topics: Security Insights