Misplaced confidence about cybersecurity could be putting banks and other financial services firms at risk of being hacked, according to a new study.
Around 82% of professionals in the sector believe they’ve been targeted by cyber criminals in the past 12 months, and 85% say they’re confident they could spot an attempt.
But 59% go on to admit they’ve clicked on a link they later believed to be a phishing scam or potential cyber attack, of whom 20% say they’ve done this ‘many times’.
Over a third (37%) also use weak or easy-to-guess passwords such as ‘password123’ for work-related accounts or systems – and 42% say they don’t receive regular training and advice about cybersecurity.
The figures have been published by compliance skills training provider Skillcast in its latest report, ‘Careless Clicks: Could your team spot a cyber attack?’ The company surveyed 200 UK finance professionals earlier this year to understand whether knowledge gaps and complacency are leaving their companies vulnerable to an attack.
Vivek Dodd, CEO and Co-founder of Skillcast, said: “We probably all think we can identify a badly-worded email as a phishing attempt but today’s highly-convincing and targeted communications could catch even the most security-conscious employees off guard.
“Our survey revealed a disconnect between confidence levels, good practice and training. Cyber threats are changing all the time, so employees need to be alert to the latest tactics hackers use and get the basics right too – like choosing strong passwords, and not clicking on unsolicited links.
“This is why it’s so worrying that regular training and advice is sporadic, or non-existent, in some organisations, despite training and competence, and good cybersecurity processes, being key requirements of the FCA.
“Complacency, lack of awareness of the current risks, and poor procedures for flagging concerns make for a dangerous mix. If systems are brought down, and sensitive commercial and customer information is compromised, firms could face significant operational disruption, not to mention the loss of consumer and investor confidence, and substantial fines.”
Dr John Kingston, senior lecturer in cybersecurity at Nottingham Trent University and one of the report’s contributors, added that identifying cyber attacks is becoming more difficult in the age of artificial intelligence (AI):
“Poor quality content used to be one of the telltale signs of a cyber attack but AI has allowed hackers to become more sophisticated. One of the biggest emerging threats is deepfake AI, where the faces and voices of employees and employers are cloned to extort valuable information or money.
“Hackers target weak systems – but ultimately they’re more likely to target humans because they’re easiest to deceive.”
The report also includes insights from three leading compliance experts: Katharine Leaman, CEO of Leaman Crellin and advisory board member at Skillcast; Scott Morris, Senior Adviser at StoneTurn and Skillcast advisory board member; and David Kenmir, Chair of Skillcast’s advisory board and INED (formerly Managing Director at the FSA, and Risk and Regulatory Partner at PwC).