Cybercriminals have targeted the financial industry for years: according to Boston Consulting Group (BCG), banks and financial services providers are attacked 300 times more frequently than other companies and Accenture projects cybercrime-related losses of approximately $347 billion for the global financial industry between 2019 and 2023. In its Risk Barometer for 2021, Allianz ranks cyber incidents as the biggest risk factor for the financial industry. This list can go on and on.
Digital assets becoming increasingly valuable – attacks more accessible than ever before
Case study from the Myra Security Operation Center: DDoS extortion (RDoS) of a financial services provider
At the beginning of 2021, a financial services provider from the German-speaking region received an anonymous ransom note demanding payment of a ransom of 10 Bitcoin (currently worth approx. €420,000). At the same time, an initial DDoS attack of 200 GBit/s was launched to demonstrate that the cyber extortionists were serious. If payment was not made, they threatened a huge attack employing up to 1 TBit/s of bandwidth – along with a higher ransom demand. Thanks to Myra Security’s certified Security-as-a-Service platform, both attacks were fully mitigated. There was no additional load on the financial services provider’s servers, and all outsourced services continued to run smoothly for its customers. The attackers then moved on to other targets. After-action reports in the industry show that vulnerable targets are attacked more often with the attackers likely to return and demand higher ransoms. They steer clear of protected infrastructure to protect their own resources, showing that preventive protection is worthwhile.
Digital protection is subject to strict compliance requirements
Just as banks secure their analog assets with armored vans, vaults, and professional security guards, a trusted partner with specialized expertise is needed to protect digital assets.
Specialist knowledge is also needed to ensure continuous availability, stability, data security, data integrity, and data protection in this sensitive environment. For this reason, the in-house operation of IT security involves a great deal of effort and related costs for hardware, software, and personnel.
Outsourcing as the solution
Special service providers help to overcome this challenge by providing IT processes as outsourcing. The prerequisite is that the partner meets the high compliance requirements resulting from KWG, MaRisk, the BAIT, DORA (in the future), as well as the General Data Protection Regulation (GDPR) and the IT Security Act. They also apply to affiliated service providers. IT security at this level requires many years of industry expertise and the highest level of technological know-how.
Myra specializes in the protection of sensitive and critical infrastructure. Among others, the ECB, direct banks, savings banks, and the German government use the certified services of the German specialist provider.