The threat posed to the finance and insurance sectors remains at a high level. Hackers usually gain access to critical data records via incomplete or improperly configured applications. But mistakes made by in-house staff also cause many incidents.
According to the latest Verizon Data Breach Investigations Report 2020 (PDF), attacks on web applications, together with employee errors, are responsible for 81 percent of data breaches in the financial and insurance industries. Cybercriminals usually use stolen login data for credential stuffing or credential cracking to gain access to high-value accounts. At 91 percent, the vast majority of hackers are financially motivated. This is followed by espionage conducted by nation-state actors and malevolence, with three percent each.
Negligence & costly mistakes
Another alarming finding of the study is that in-house staff are responsible for about the same number of incidents of non-compliance as intruders from outside. In most cases, information was simply forwarded to the wrong addressees by mistake. Another major source of error is incorrectly configured systems, which then result in a data leak. The starting points for this are unsecured cloud databases and incorrectly managed firewalls.
Bots have their sights on the financial sector
The report also shows that attacks by botnets are mostly aimed at the financial sector. For the most part, cybercriminals employ Trojan horses and other malware to build up the largest and most powerful networks possible for automated attacks. In addition to conventional computers, the affected devices include poorly secured IoT devices such as network printers, IP cameras, and baby monitors.
Phishing & social engineering
Phishing attacks and various forms of Business Email Compromise (BEC) also pose a major threat to companies in the finance and insurance industries. Using spear phishing, hackers target individual employees and impersonate decision-makers in meaningful email conversations to effect the release of valuable information. Meanwhile, social engineering and pretexting are also popular tools used by scammers, for example to have large sums of money transferred using a made-up but seemingly well-founded excuse.
Myra guards banks and insurance companies against cyber attacks
Myra’s multi-certified and audited Security-as-a-Service platform reliably protects companies in the finance and insurance industry from virtual attacks. Myra is the only BSI-certified DDoS protection provider in the world that fully meets all performance requirements. As such, highly sensitive infrastructure is in safe hands with Myra. As an upstream filter, Myra Web Application Security protects your web applications. Malicious traffic is filtered out before it reaches your servers or the cloud architecture.