The top three threats to post-Covid FSI security

By Sarah Armstrong-Smith, Chief Security Advisor, Microsoft UK

How tech can guard against the most modern forms of cybercrime

Throughout the global pandemic, FSI organisations have been under increased pressure to continue to deliver an array of services – they have had to adjust to remote and hybrid working, as well as supporting consumers with loans and Government-backed payment schemes. The key to the pandemic response was adaptability, availability, and speed – and FSIs rose to the challenge with gusto. But now, security and compliance are back on top as one of the most important factors for FSI organisations to focus on, and technology will be crucial in the fight back against a growing number of cybercriminals.

Cybercrime is now as profitable as the drugs trade

Cybercrime has evolved during the pandemic too, and cybercriminals are advancing their tactics, at scale, to capitalise on how profitable it has become. In fact, cybercrime is now comparable to the global drugs trade with regards to the level of profit and syndication involved in cyber criminal’s operations, where groups are created, and each member is paid for a particular expertise. Attackers evade detection with high levels of sophistication and move money extremely quickly. They also operate cross jurisdictions, taking advantage of a lack of law enforcement collaboration between some nations.

Of course, not only are FSI organisations high-value targets for cybercrime, but they are also potentially liable for additional costs when protecting their consumers from being the victims of increasingly sophisticated scams and fraud. Insurers are having to pay out large sums when victims of ransomware and email compromise claims, with additional pressure coming from consumers and regulators. FSIs must be cognisant that the risk is evolving rapidly, and they themselves are huge targets for attack – particularly when nation state actors are taken into consideration.

The top three threats

When it comes to cybercrime, research from Microsoft revealed the three key areas FSI organisations need to protect against when it comes to the changing threat landscape, with each being operationally, reputationally and financially damaging. Each is growing in prevalence and complexity.

Phishing continues to be the most common cyber threat, with 70% of all attacks starting with phishing or credential compromise. Phishing emails are designed to trick an individual into sharing sensitive information, such as usernames and passwords with an attacker, most commonly using malicious domains which masquerade as well known, legitimate login pages. Attachments may also contain malware, designed to be released on to endpoints and into the target network. Meanwhile, credentials and other types of information are obtained by the attacker for later abuse or sale.

Secondly, ransomware is one of the most operationally impacting cybercrimes, as we see criminal actors performing reconnaissance on a target victim to infiltrate their critical infrastructure and potentially gaining access to financial documents and insurance policies to identify an optimal ransom demand. Ransomware has grown to include a variety of extortion techniques enabled by human intelligence and research. A common attack involves a threat actor deploying malware and scripting that encrypts and exfiltrates data and then holds that data for a ransom, often demanding payment in cryptocurrency.

Thirdly, while not the most prolific type of malicious email in terms of quantity, business email compromise (BEC) is becoming a growing concern and could be considered the most financially impacting cybercrime of all, equating to 40% of all financial crime on the internet. Email compromise is one of the growth areas of cyberattacks, particularly when we consider the abuse and resilience of the supply chain. BEC attacks occur when an attacker pretends to be a legitimate businessperson often in a position of authority, most often by using a compromised email address, or spoofing a company domain. It benefits from the complexity of financial accounting, by monitoring financial or business-related messages to intercept. One party to a financial transaction is impersonated to authorise transactions or divert payments to an unauthorised recipient. In this case, it is particularly insidious as the person whose credentials and email account were compromised would unknowingly cause another person or company to become a victim.

Technology plays a crucial role in the defence against cybercrime

Technologies such as cloud, AI, data analytics and multi-factor authentication can all play a crucial role in protecting FSI’s critical infrastructure against cyberattacks, especially considering external stimuli including nation state actors, the continued proliferation of hybrid working and the rapid spread of disinformation.

Many FSI organisations are reconsidering their business models and are looking to the Cloud, to seek innovation and increased security capacity, as well as cost optimisation. We have seen a shift in emphasis over the last few years, as boardrooms learn that cybersecurity is fundamental to every aspect of their business operations, but more education is critical to this. FSIs must make it an organisational priority to increase that understanding and awareness of the threats involved from cybercrime across their businesses, as well as being cognisant of it as an evolving and sophisticated risk.

As well as the agility and flexibility the cloud can provide, one of the biggest benefits of a cloud-first strategy from a cybersecurity perspective is having access to threat intelligence and trend reports. Cloud service providers are actively monitoring a variety of different threat actors globally, whether they are ransomware operators or nation states, and disseminate intelligence about the evolving tactics and techniques, which enables organisations to evolve their response.

FSI organisations stand the best chance of defending against cyberattacks by being empowered with knowledge and supported in their security and compliance objectives. Cloud service providers have a huge role to play in the future of cybersecurity. Not just in terms of protecting companies, but also protecting nations as well.