Ransomware has overtaken spearphishing as the top attack vector leading to increased concerns regarding employee and user awareness

The financial services industry is under a barrage of ransomware and spearphishing attacks, according to a new survey conducted by the SANS Institute, gauging the state of risk and security in the financial sector.

For the first time, ransomware, identified by 55% of respondents, has eclipsed spearphishing (50%) as the top attack vector. Such attacks have caused considerable damage, with 32% of survey respondents citing losses between $100,001 and $500,000 as a result of their breaches.

“This year we’ve witnessed a dramatic rise in ransomware which has caused it to displace phishing as the No. 1 attack against financial institutions,” said Ned Baltagi, Managing Director, Middle East & Africa at SANS. “This threat vector is particularly damaging since it places sensitive information at high risk and can be easily executed through deceptive social engineering techniques.”

Both ransomware and phishing attacks prey on the vulnerabilities associated with users, who often click on links unwittingly that unleash vicious attacks on their organization’s assets.

For that reason, organizations are focusing on time-tested controls such as email monitoring and security awareness training to reduce the potential for employee actions that unleash malware on their devices. They are also employing perimeter defences, endpoint protections and log management techniques to identify, stop and remediate threats. To aid organizations in these efforts, SANS will conduct a series of Cyber Security trainings in Dubai in from 28 January to 2 Febuary, 2017. This will include courses on Continuous Monitoring and Security Operations; Web App Penetration Testing and Ethical Hacking; ICS/SCADA Security Essentials.

“Cyber security spending now accounts for a significant portion of IT budgets in the Middle East and it is encouraging to see that overall, respondents have experienced fewer high-impact security events. What remains unclear is whether they are sufficiently equipped to defend against these attacks,” said Baltagi. Just over half of surveyed organizations claim to have felt prepared or very prepared to fend off attacks. “And even this readiness will stand to be tested when alternative payments systems come online,” he added.

Although only 29% of respondents’ organizations are using alternative payment systems today, many companies will be adding them in the near future, driven by customer demand, the need for a competitive advantage and potential cost reductions.

After careful analysis of the current status of cyber security in the financial sector, SANS Analyst and author of the survey report, G. Mark Hardy concluded, “Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later.”

The entire report titled ‘From the Trenches: SANS 2016 Survey on Security

and Risk in the Financial Sector’ can be downloaded from: https://www.sans.org/reading-room/whitepapers/analyst/trenches-2016-survey-security-risk-financial-sector-37337