Banking Trojans and Mobile Malware ranked top security concerns for the Financial Services Industry in 2020

Trojans, Mobile Malware, security, Financial Services, 2020

While the shortage of skills and the high volume of threat alerts pose the biggest challenges to cybersecurity programs, the key security priorities are about preventing fraud and data leaks 

The Banking and Financial Services sector is struggling with a skills shortage along with the sheer volume of threats and alerts as it continues its ongoing battle against cybercrime. This is according to a Twitter poll conducted by cyber threat intelligence provider Blueliv. With financial organizations, a prime target for attacks, preventing fraud and data leakages is key to the sector’s security strategies – but it is getting harder as cyber threats become increasingly diverse, sophisticated and malicious.

Also read: Some unfounded Misconceptions About the Digital Transformation Journey

A rise in banking Trojans

The poll revealed that roughly a third of respondents are concerned about the impact banking Trojans (31 percent) and mobile malware (28 percent) will have on financial services organizations and their customers in 2020. This is in line with Blueliv’s latest cyber threat intelligence report for the financial services sector, now available here.

Tracking the latest evolving threats, Blueliv’s researchers observed a 283 percent increase in botnets relating to Trickbot as well as a 130 percent increase in Dridex botnets. These botnets are linked to the distribution of banking Trojans and other malware families targeting the financial services sector.

Blueliv’s report also highlights that malware targeting mobile apps is one of the most rapidly developing threats to the financial services sector, with functionalities that allow criminals to gather user credentials as well as steal funds from mobile users’ bank accounts. This is partly driven by the fact that cybercriminals can now easily buy malware builders in underground forums, and that these often include advanced evasion techniques so the malware remains undetected on infected devices.

Fraud prevention most crucial security element

While the financial services sector – by its very nature – has some of the most mature cyber defense strategies and is ahead of many other industries in detecting and preventing economic crime, weak spots remain in some organizations’ fraud risk assessments. This is underlined by the fact that 35 percent of poll respondents named fraud prevention the most crucial element to an ongoing cybersecurity strategy. Unauthorized transmission of data from within an organization to external recipients is another key concern, with 31 percent of respondents considering the prevention of data leaks the most important.

Just under a quarter (24 percent) would focus their security strategy around regulation and compliance requirements such as GDPR; in contrast to this, the same number of respondents (25 percent) named regulatory issues as the biggest challenge for financial services institutions developing ongoing security programs.

Also read: 10% of the Global Workforce Changing Jobs Due to the Green Guilt Influence

Visibility of threats is a challenge

According to the poll, financial services organizations encounter a range of issues as they build their security programs – the most pressing being a shortage of skills (28 percent), followed by the high volume of threats and alerts (26 percent) and a lack of visibility into cyber threats (20 percent). This is hardly surprising: as financial services institutions (FSIs) embrace digital processes and new customer interaction channels, so their attack surface grows, making it harder to keep on top of threats ranging from Point-of-Sale (PoS) to ATM malware, mobile apps malware to card skimmers.

“Organizations in the financial sector face a constantly changing threat landscape,” commented Daniel Solís, CEO and founder, Blueliv. “Business priorities have shifted and digital risk management is now central. Because they are such high-value targets for cybercriminal activity, it is imperative that financial services organizations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack.”

Solís continued, “FSI security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitization to real, preventable threats. Threat intelligence can address the cyber skills gap through continuous automated monitoring combined with the human resources to provide context, helping FSIs develop highly-targeted threat detection, prevention, and investigation capabilities.”

Attracting 11,380 responses, the Blueliv Twitter poll was conducted during the week of 25 November 2019.

Blueliv’s cyber threat intelligence report is a reference whitepaper for the financial service industry. It provides an overview of threats, certain threat actors, as well as recommendations on how organizations can manage their digital risk more effectively

Also read: Industries are moving from Edge Computing to Edge Capture