QBE highlights growing cyber risks in financial services sector
QBE highlights growing cyber risks in financial services sector | Insurance Business Asia
Cyber
QBE highlights growing cyber risks in financial services sector
Report provides insights to help businesses mitigate cyber threats
Cyber
By
Roxanne Libatique
QBE has published a new white paper titled “Cyber Threats to the Financial Services Industry,” authored by Jack Tolliday, the global threat intelligence specialist at QBE.
This report examines the evolving cyber risks that are increasingly targeting financial services, providing insights to help businesses better understand and mitigate these threats.
Cyber threats becoming more complex
The white paper addresses the rising complexity of cyber threats and aims to offer businesses critical updates to better prepare for these evolving risks. It focuses on key cyber threats, including ransomware attacks, vulnerability exploitation, phishing, and the risks posed by supply chain breaches.
Ransomware and other extortion-based attacks continue to be significant threats to financial services.
In 2023, the financial services industry ranked as the fourth most targeted sector globally, with the US experiencing the highest number of attacks.
The rapid exploitation of zero-day vulnerabilities in widely used software remains a critical concern, as cybercriminals quickly capitalise on these flaws.
Due to the interconnected nature of financial services, supply chain attacks pose a substantial threat to the industry.
Phishing and credential harvesting remain pervasive techniques for unauthorised access to financial systems.
The report highlighted that ransomware continues to pose a major risk, despite the financial services industry’s ongoing investments in cybersecurity.
Ransomware-as-a-service (RaaS) is particularly concerning, as it enables cybercriminals to gain access to corporate networks through various methods, such as exploiting software vulnerabilities and phishing attacks.
Ransomware in financial services
In 2023, the financial services sector saw 346 ransomware incidents, making it one of the most targeted industries, following business services, retail, and manufacturing.
Attack vectors
The report detailed how cybercriminals are increasingly exploiting external-facing systems, especially those with zero-day vulnerabilities in critical infrastructure like VPN services, email servers, and file transfer applications.
The rise in technical sophistication among organised crime groups has made these vulnerabilities more accessible, raising concerns that such attacks will persist.
Phishing and credential theft
Phishing continues to be a primary method for delivering malware, with attackers constantly evolving their techniques to bypass security defences.
The report also pointed out the increased use of fake websites and search engine optimization (SEO) poisoning, which deceive users into downloading malware, posing a significant risk to financial services organisations.
Supply chain vulnerabilities
Supply chain attacks are identified as a major risk for financial services, with breaches at key suppliers potentially leading to widespread industry disruption.
The future of cyber threats in the financial services sector
The report concluded that, despite the financial services sector’s generally higher investment in cybersecurity, it will likely continue to be a primary target for cybercriminals.
The interconnected nature of the industry means that breaches can cause extensive damage, especially during periods of geopolitical instability. The potential for artificial intelligence (AI) to enhance cybercriminal capabilities is also highlighted, though it has yet to produce undetectable or fundamentally new threats.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!
