Bank and FI business models increasingly favoured by cyber criminals

Banks and financial institutions are becoming more exposed to cyber crime and fraud as business models change and they work with more partners, according to Raj Shenoy, global head of digital security, treasury and trade solutions business at Citi.

“Businesses are becoming more and more integrated and they are reliant on supply chains flows. The points of integration are being exploited by bad actors,” he said, speaking at Money 2020 in Las Vegas. “Criminals are looking for weak points – and the integration points in the supply chain can be vulnerable.”

According to Shenoy, there has been a 72 percent increase in terms of the volume of attacks on financial institutions over the past five years. Globally, the impact is huge, with the industry spending trillions on cyber security and fraud. That’s only going to increase, he said.

A recent Accenture report indicates the direct financial cost of ransomware attacks have increased by 23 percent, year on year. But it’s not just the immediate financial damage causing concerns at financial institutions.

“We’re seeing an increase in business disruption, where firms aren’t able to get their normal business done, the reputational risk, where customers no longer have faith in the firm’s abilities, but there’s also the loses of data, where there’s no longer the opportunity to monetise that data for other purposes,” said Shenoy.

“Those are starting to outstrip the direct and immediate financial impacts,” he added.

Shenoy suggested that software developers are developing and building programs capable of instigating cyber attacks and selling them onto non-technical bad actors – from organised crime syndicates to nation states and others, including the firm’s employees.

“Employees are tremendous assets – they’re trained, they’re aware of what’s in place to help counter attacks, but they can also be co-opted and duped into providing access – privileged access – to systems even if they have legitimate business purposes and accidentally pass that over to a bad actor.

“We’ve seen a huge shift over time in terms of some of the cyber risks and some of the cyber adversaries who have entered the field,” he said. “People are now so much more technically knowledgeable than they were in the past, and they’re building software. They’re then taking that software and using it on a large scale without the need for that technical knowledge.”

According to Intsights, more than a quarter of all malwares created target financial institutions. Year on year, the number of compromised credit cards has increased by 212 percent, credential leaks have increased by 129 percent, and malicious apps by 102 percent.

Related reading