As the world grappled with its response to the global COVID pandemic over the last 14 months, cyber criminals looked for new opportunities to turn the chaos and uncertainty to their advantage. Attacks on healthcare providers and government agencies escalated. IT admins struggled to implement new security protocols as greater numbers of employees began working from home. As COVID-19 threatened our physical health, a much larger attack surface made our digital health more vulnerable.
The COVID Crime Index 2021 report issued last week by BAE Systems found that COVID-19 also led to a surge in cyber crime against banks, insurance companies, and others in the financial sector during the last year. The Cybersecurity and Infrastructure Security Agency (CISA) categorizes the financial sector as part of the nation’s critical infrastructure because of the thousands of depository institutions it contains and the devastating impact that a disruption of services could have on consumers and organizations worldwide.
Vulnerability by the Numbers
Some 74 percent of financial institutions surveyed by BAE reported a rise in malicious activity since the start of the pandemic. This activity includes attacks by mobile malware, phishing, botnets, ransomware and COVID-specific malware, and insider threats. The report further noted that 51 percent of financial institutions had to adapt existing security strategies as a result of shifting to remote work. This shift required an average of 18 weeks to implement.
The expanded attack surface created by greater numbers of employees working remotely has created challenges for most industry sectors. “The pandemic has offered cyber criminals and fraudsters new opportunities to probe for weaknesses and new ways to disguise their activity,” said Dr. Adrian Nish, Head of Cyber at BAE, in the report. To make matters worse, funding for IT security during this period dropped 26 percent, the report found.
The huge size of the financial services sector and the enormous wealth it controls each contribute to its vulnerability to attack. The U.S. banking sector alone, just one part of financial services, controls assets of more than $30 trillion, according to the Economist Intelligence Unit. Those assets represent multinational conglomerates and corporations, small and medium-sized businesses, and millions of individual consumers.
The elevated threat of attack on institutions had a knock-on effect on consumer confidence and security, the BAE report also found. Almost 75 percent of consumers surveyed said they noticed an increase in fraudulent or suspicious activity in the last year. About 25 percent said they are more concerned now about cyber crime than physical crime. One in five consumers were directly targeted with an average loss per incident of between $749 and $1,179.
A New Cybersecurity Landscape
Financial institutions and other organizations might well have to adjust to a more permanent remote work environment for their employees. Forbes recently reported on a survey by Enterprise Technology Research that found that the percentage of employees permanently working from home is expected to double in 2021. A similar survey by Gartner CFO found that about 74 percent of CFOs plan to transition some on-site employees to remote work after the pandemic ends.
An increase in remote work means a need for improved strategies to mitigate the risk of a devastating cyberattack. Even before the COVID-19 pandemic, U.S. cybersecurity authorities had warned of an escalation in ransomware and malware attacks on the financial sector. If the work-at-home trend increases as expected, strategies to keep business-critical data secure from unauthorized access will need to keep pace.
For more than a decade, SecureData has tailored its data security strategy to meet current and emerging threats facing critical industrial sectors. This strategy begins with FIPS-validated and hardware-encrypted offline backup and portable storage drives with built-in antivirus protection. Our software solutions add additional layers of security by offering remote drive management options and port-blocking technology for hardened endpoint security.
If you handle and store sensitive or regulated data, we can help you do it more safely. Call us at 1-800-520-1677 to speak to one of our data security experts about a comprehensive security solution that works best for your industry.