
1/27/2021
04:30 PM
Dark Reading
Products and Releases

Cybercriminals Cash Out as Finance Industry Becomes Lucrative Targets

Report finds 70% of financial services organizations have reported experiencing a cyberattack in the past 12 months alone.

CHICAGO, IL, Jan. 27, 2021 -- Keeper Security, provider of the highly-rated and industry-leading cybersecurity platform for preventing password-related data breaches and cyberthreats, today revealed 70% of financial services organizations reported experiencing a cyberattack in the past 12 months--approximately a 20 percentage-point increase compared to 2019. Ahead of Data Privacy Day, the findings from Keeper’s Cybersecurity in the Remote Work Era: A Global Risk Report reiterate how COVID-19 has significantly impacted financial organizations’ security postures.

The Monetary Impact of Cyberattacks on Financial Institutions is Severe 

Cyberattacks bring more damage than a loss of information, and unfortunately, the financial sector is a lucrative target for bad actors. On average, these attacks cost financial institutions 75% more than other organizations ($4.7 million vs. $2.7 million). Over the past year alone, financial organizations suffered from credential thefts (64%), general malware (53%) and account takeover (43%). Given the uncertainty of the pandemic, more than half of organizations (59%) have experienced an attack that specifically leveraged COVID-19 as a threat vector. 

Although the financial sector has clearly seen increased attacks during the pandemic, 79% say their organization does have an incident response plan for responding to cyberattacks and data breaches. This is a 26-point increase compared to 2019, putting the industry in a good position for protection and improvement for the future. 

Challenges to strengthening security posture remain. Insufficient budget is the largest factor keeping a financial organization’s IT security posture from being fully effective (50%), followed by a lack of clear leadership (37%) and a lack of understanding of how to protect against cyberattacks (34%).

“The financial services industry has taken a significant hit over the last year as the cost of disrupting normal operations skyrocketed by more than 150%. With the increase of remote work, we see more holes in organizations’ security processes, especially as employees work from home around the world,” said Keeper’s CEO Darren Guccione. “Taking even the simplest precautionary steps can create a more secure environment, like using two-factor authentication and password management systems, and help mitigate even the most brutal attacks to networks.”

Bringing Your Own Device (BYOD) Also Brings More Risks

Rushed transitions to remote working put many companies in jeopardy last year. The most vulnerable endpoints or entry points to an organization's networks and enterprise systems are found to be laptops (54%), mobile devices (50%), smartphones (45%) and cloud systems (43%). 

Only 60% of finance organizations have a policy in place on the security requirements for teleworkers. These include promoting the importance of password hygiene, requiring authentication methods (which 90% of companies mandated) and protecting employees’ personal devices when they are used for business activities.

Continuing the conversation on cybersecurity, Keeper CEO Darren Guccione will join Cybercrime Support Network (CSN) CEO Kristin Judge tomorrow, January 28th at 1:00 PM CT, for an engaging discussion on why organizations need to make data privacy a high priority in today’s interconnected ecosystem. To register and participate in the conversation, sign up here.

About Keeper Security, Inc.

Keeper Security, Inc. (Keeper) is the highly-rated and patented cybersecurity platform for preventing password-related data breaches and cyberthreats. Keeper’s zero-knowledge security and encryption software is trusted by millions of people and thousands of businesses across the globe to mitigate the risk of cybertheft, boost employee productivity and meet compliance standards. In 2020, Keeper was named PCMag’s Best Password Manager of the Year & Editors’ Choice for the third time. Keeper has also been named PCWorld’s Editors’ Choice and is the winner of four G2 Best Software Awards and the InfoSec Award for Best Product in Password Management for SMB Cybersecurity. Keeper is SOC-2 and ISO 27001 Certified and is also listed for use by the U.S. federal government through the System for Award Management (SAM).

 
