Proposed Legislation Protects Against Financial Cyberthreats

Laura BednarCybersecurityLeave a Comment

Financial Cyberattack COVID-19

Industries worldwide have seen an increase in cybersecurity incidents during the COVID-19 pandemic, and malicious actors are only becoming more organized and crafty as the “new normal” sets in. Cybercriminals have been sending phishing emails to remote workers and attempting to infect healthcare systems with ransomware to steal health information about the virus. While these instances are bad enough, the American financial sector has been hit hardest with a 238% increase in cyberattacks just during the first five months of 2020.

Experts came before a panel of Congressional representatives earlier this week to explain how cybercriminals and fraudsters are exploiting the financial system during the pandemic. They also proposed some actions that the government needs to take to protect themselves. Lawmakers have currently drafted four different legislative proposals to increase cybersecurity during this global crisis.

How the Pandemic Affected Cybersecurity

In March alone, a study by VMware Carbon Black found that financial-related attacks accounted for 52% of all attacks seen across their dataset. Many companies transformed their regular business model into completely remote work, which attackers took advantage of through phishing emails and attempts to hijack individual wi-fi connections. However, as larger corporations such as retail shifted to remote business models, research suggests that attacks shifted towards financial organizations.

Overall, FBI Deputy Assistant Director Tonya Ugoretz said the number of daily complaints to the Internet Crime Complaint Center has almost quadrupled over the past forum months. Hackers have been launching phishing attacks, trojans, ransomware, and more in an attempt to expose the vulnerabilities of organizations with little to no protection in place.

The sudden switch to remote work left many companies without the time or resources to properly secure employee devices or networks. This has led to an increase in digital threats everywhere, but financial industries are a main target because they cannot shut down for a few months. People are in need of financial services like online banking and people must still complete their tax forms.

Why Banks and Financial Institutions are Ill-Equipped

Experts who presented to Congress stated that financial institutions are not prepared to mitigate the latest cyberthreats such as cryptojacking and intellectual property theft. Federal agencies were encouraged to meet the new challenges that come with protecting sensitive data from dark web marketplaces and other malicious technology. The longer that systems are left without protection, the longer that hackers have time to organize themselves and create collaborative and complex hacking attempts.

One of the experts testifying, Tom Kellermann, head of cybersecurity strategy at VMware, stated on bankinfosecurity.com, “Because of telework, the major security provisions that have been put in place by banks are no longer effective because the network security paradigm can be bypassed by the VPN tunnels that allow access to the systems.”

The cybercriminals are only working harder to find ways to expose vulnerable systems and counter attack any response efforts that are put in place. The Department of Treasury holds mass amounts of data on not only their own operations and currency but the fiscal information of millions of Americans. To protect this information, lawmakers created drafts of four different bills meant to protect against cybercrimes.

Bills to Protect and Save

There were four bills proposed that would further protect the financial information of Americans and larger institutions. In addition to the bills, suggestions were made that include pushing the Financial Stability Oversight Council to create a way to regulate digital currencies and establishing tax credits for fintech companies who dedicate at least 10% of their IT budget towards bolstering cybersecurity. The bills included:

  • Internet Fraud Prevention Act–FBI members and the Federal Trade Commission would study and report on business email compromise while also creating a Real Estate Fraud Advisory Group
  • Senior Investor Pandemic Fraud Protection Act–this bill would amend the Consumer Financial Protection Act from 2010 to give states funding to protect the vulnerable senior community from internet fraud during the pandemic.
  • COVID-19 Restitution Assistance Fund for Victims of Securities Violations Act–This bill would assist in creating a fund to ensure up to $50,000 in restitution is paid to those who were victims of security violations during COVID-19.
  • Bill yet to be named–This proposed legislation would require federal financial regulators to encourage depository institutions to establish programs that educate customers who may become money mules.

Having a meeting with Congressional representatives to discuss these issues is a step in the right direction as far as increasing cybersecurity efforts for financial institutions nationwide. All industries can increase their data security by knowing what tools are available to them.

Our SecureForensics service provides digital investigations for intellectual property theft, ransomware, data breaches, and more. Additionally, SecureData offers a line of hardware encrypted storage devices that protect sensitive data with FIPS Validated protection and secure authentication methods. To learn more about how to protect businesses of all sizes from cyberthreats, call 1-800-388-1266.