
COVID-19 Impact: Financial services cyber security programs

2020 has seen a sharp increase in cyber security attacks, which rose by 33% between January and March. This has been directly attributed to the ongoing Covid-19 pandemic, which continues to fundamentally impact all of our lives. Below is a breakdown of the monthly volume of all the detection categories:

  • 26.3% increase in spam/opportunistic detections
  • 30.3% increase in impersonation detections
  • 35.16% increase in malware detections
  • 55.8% increase in blocking of URL clicks

Whilst the findings above span all sectors, banks and financial services organisations have seen a 38% increase in cyber attacks between February and March. These findings make uncomfortable reading, highlighting the need to review and modify security programs.

Remote working securely

For many financial services businesses, the pandemic has meant significant changes to how and where their employees work. IT environments have had to become more flexible and robust to facilitate people logging on from home, which increases the possibility of an attack vector being opened to exploitation by hackers.

Remote employees can take various steps to work securely, such as using a VPN, encrypting data, keeping antivirus software up to date and having a firewall in place. Despite these safeguards, the sophistication of social engineering and phishing attacks requires employees to be highly vigilant at all times. Arguably it’s advisable to review what cyber awareness training is required to help further educate and protect your business whilst lockdown remains in place.

The challenge for security leaders

For CISOs and security leaders, adapting to this new way of working has inevitably meant allocating more time, money and resources to ensure they operate securely. The FS-ISAC recently revealed that 75% of financial institutions’ security teams implemented swift changes to their cyber security programs to accommodate remote working conditions.

The key challenges are maintaining the high levels of security needed with dispersed employees whilst still adhering to internal security procedures, regulatory standards and compliance such as FCA and ISO 27001.

Taking all these aspects into consideration, it’s now more important than ever to focus on having the right security programs and measures in place to adapt to the “new normal”. Many are predicting remote working will be far more commonplace, which has a range of benefits, especially for attracting the best talent. Twitter have already announced their employees can work from home indefinitely if they choose, with others also following suit.

How our customers have responded

Over the last few months, we’ve seen our financial services customers increase their penetration testing and vulnerability management activity significantly. In parallel, our banking customers have been working on PSD2 security projects, such as VAPT testing of Open Banking APIs, to ensure they are compliant. With the volume and sophistication of cyber-attacks increasing at such a fast pace, it should come as no surprise that security is of paramount importance to avoid becoming the latest headline.

Attackers are continuously looking for weaknesses in known and shadow assets with the aim of accessing personal data and money. Ransomware, phishing, data leakage and exploiting vulnerabilities in insecure applications are all methods regularly attempted across the financial services sector.

Whilst social engineering continues as a preferred method for cyber criminals, web and mobile applications also pose potential risks. The Equifax breach acts as an example whereby an out-of-date version of Apache Struts caused devastating ramifications for both victims and the business itself.

Embrace security automation and trusted security testing

The threat landscape evolves at a rapid rate, security budgets are stretched and, economically, businesses are facing unprecedented times. Security teams are having to do more with less and are embracing technologies that automate security processes and labour-intensive tasks.

Hackers are constantly searching for shadow IT assets that could provide access to critical systems if an attack were successful. Not having a complete view of your internet-facing assets is a problem many businesses share. Left unmanaged over time, shadow IT assets can become a significant risk and susceptible to hacking techniques. Continuous attack surface management is becoming a crucial tool in many modern businesses to map these assets and be alerted to vulnerabilities.

Penetration testing remains a core element of security programs, ensuring web applications and external and internal infrastructure aren’t susceptible to attack. With internal network infrastructure testing being required for FCA, PCI DSS and ISO 27001 compliance, it’s important to factor this into planning. Our response to the pandemic has been to introduce a remote internal penetration testing service so our clients can fulfil this requirement without needing a penetration tester onsite.

Managing cyber risk in the new normal

Looking forward, security teams need to have continual risk assessments in place, especially with teams working remotely for the foreseeable future. Many will be evaluating the best use of their resources and budgets to mitigate cyber threats in light of remote working practices. Implementing relevant controls and continuous vulnerability and attack surface management solutions will bolster defences, aiding faster remediation of threats.

