Social Engineering & Sector Culture
Behavioral techniques are used to trick people to provide sensitive information.
•According to IBM’s 2019 X-Force Threat Intelligence Index, 29% of attacks involved phishing emails. The primary targets are accounts of senior banking members (SwivelSecure).
•These phishing attacks are the #1 attack in the banking sector as once inside attackers can use APT to harvest personal/financial data (Naz).
Exploited Vulnerabilities
Increase in hybrid workforce and cloud based have increased network vulnerabilities.
As per Mimecast, 56% of infected systems are due to the inability to patch “zero-day” threats.
Positive Technologies, a company that has a commercial stake in securing web apps, found that banking institutions were “the most vulnerable” to getting hacked as of 2018. (Whittaker)
Ransomware
Data encrypted by attackers has become more frequent and a major headache to most companies.
According to a Sophos 2023 report, 64% of institutions reported being hit by ransomware vs 36% across all sectors.
Concerningly only 14% of the encryption attacks were stopped prior to having data encrypted.