Why Cybercriminals Favor the Financial Sector and how application security can help

By Neatsun Ziv, CEO at Ox Security

In every organization with a profit-motive, the sectors, deals and verticals which you target will be determined by the associated gains they offer – ideally, with the least effort or resources utilized. In this respect, cybercriminals operate no differently from legitimate businesses. They will choose their targets based on the maximum gains available to them. This, in many cases, leads them directly to the financial sector. Financial services is an area of business which has been forced, by consumer habits and technological advancements, to digitally transform at speeds which vastly outstrip other industries. This, coupled with the obvious fact that there’s a sizable financial reward for hackers targeting financial institutions, has meant they remain firmly in the firing line.

Last year, the financial sector was the second most breached industry, experiencing 566 incidents primarily in the U.S., Argentina, Brazil, and China. These incidents resulted in over 254 million compromised records, highlighting significant vulnerabilities in cloud products and third-party software solutions used in banking. A notable example of third-party risks was the SolarWinds incident in 2020, where malicious software updates exposed numerous organizations, reflecting the extensive potential impact on the financial industry. Additionally, a 2023 ransomware attack on a cloud IT service provider caused significant disruptions for 60 U.S. credit unions, underscoring the systemic risks of third-party IT dependencies.

Code injection attacks pose another critical threat, where attackers introduce malicious code during software development or via compromised third-party libraries, potentially leading to major data breaches and unauthorized access. For instance, compromised development libraries have served as conduits for attackers to breach banking systems. Insider threats also remain a significant concern, as demonstrated by a 2019 incident where a former employee of a cloud service exploited a firewall misconfiguration to access sensitive data, showing how insider access and technical errors can result in severe data leaks.

These episodes highlight the pressing need for the banking sector to enhance transparency and strengthen security measures. Progressive banks are adopting automated security orchestration and automated incident response systems, which significantly decrease response times and reduce the scope for human error. However, To effectively mitigate these significant threats posed by third-party dependencies and breaches, financial institutions must also rigorously address vulnerabilities that arise during the software development process itself.

The banking sector often grapples with the challenge of fully securing applications, particularly due to the reliance on legacy systems and the complexity of integrating diverse technological solutions. This can sometimes lead to application security being somewhat overlooked, despite the heavy investments in broader cybersecurity measures. Rapid technological advancements necessitate continual updates to security practices, which may not always keep pace with the development of new banking applications. Moreover, the sector faces a critical shortage of cybersecurity professionals equipped to handle emerging threats, further complicating the effective management of application security.

To overcome the challenges in application security (AppSec) highlighted in the context of the banking sector, several strategic and operational measures can be implemented:

• Embedding Security in the Development Lifecycle: Integrating security measures throughout the software development lifecycle (SDLC) through a DevSecOps approach is crucial. This means security is considered at every stage of development, from planning to deployment, making it intrinsic rather than an afterthought.
• Regular Security Training for Developers: Providing continuous security training and awareness programs for developers helps mitigate the risk of vulnerabilities being introduced during the development process. This includes training on secure coding practices and awareness of the latest security threats and mitigation techniques. Sadly, Gartner suggests that this kind of continuous training is still rare.
• Utilizing Application Security Posture Management: Find an ASPM platform that not only identifies vulnerabilities in both the code written by the organization and third-party components, take it a step further to provide prioritization and remediation capabilities. .
• Upgrading and Patching Legacy Systems: Regularly update and patch legacy systems to close security gaps. Where possible, consider modernizing legacy applications using more secure frameworks and architectures.
• Implementing Threat Modeling: Conduct regular threat modeling sessions to anticipate potential attack vectors and understand where the most critical vulnerabilities might exist within applications. This proactive approach can guide effective mitigation strategies.
• Enhancing Third-Party Risk Management: Establish a robust third-party risk management framework that includes rigorous security assessments before onboarding vendors, as well as continuous monitoring of third-party services to ensure compliance with security standards.
• Adopting Advanced Security Technologies: Leverage advanced technologies such as machine learning and artificial intelligence to detect unusual patterns and potential security threats in real time. These technologies can enhance the effectiveness of security measures by providing faster and more accurate threat detection.

While implementing these recommendations are crucial, it is equally important that financial security leaders effectively communicate these actions to key stakeholders. They should articulate how these processes not only make security teams more responsive and effective but also increase the cost-effectiveness of the organization’s technology stack without sacrificing security. This also involves identifying tools with overlapping capabilities and refining security strategies to reduce both costs and risks. By taking such comprehensive approaches, financial institutions can significantly strengthen their application security frameworks, better protecting themselves against the evolving landscape of cyber threats.

Conversely however, an approach which aims to provide insights into your entire cloud infrastructure may provide answers which require more complex solutions. The key thing that financial institutions should turn to the security industry is visibility: If they have visibility into their cloud environment, they can work to better understand the blind spots where they might be vulnerable.