Everfox, a global high-assurance cybersecurity leader, today released new research exposing how financial services and banking (FS&B) organisations are struggling to combat increasingly sophisticated attacks.
However, the complexities of regulatory compliance are presenting a barrier to adopting the preventative security measures security leaders believe will be the answer.
The CYBER360 report reveals FS&B organisations are facing 114 cyberattacks each week, with 94% of organisations having fallen victim to a cyberattack over the past 12 months. Phishing attacks (28%), compromised access credentials (25%) and DDoS attacks (24%) were revealed to be the most common attack types. On average, these organisations spent more than $531,000 on the recovery costs of a cyberattack.
But it’s not just the volume of cyberattacks that poses a concern to industry security leaders. 68% of FS&B organisations believe that the sophistication of cyberattacks is increasing year on year. A complicating factor is that this risk is not only presented by external actors; one in three security leaders in FS&B organisations identify insider threats as a top security concern.
Sean Berg, CEO at Everfox, commented: “The sophistication of threats posed by external and internal threat actors puts security leaders in financial services organisations under immense pressure. Not only is this translating into real financial losses through the costs of recovering from such attacks, but the heightened regulatory environment adds to this pressure. The enactment of the Digital Operational Resilience Act (DORA) earlier this year increased the requirements on financial services organisations operating in Europe at a time when the threat landscape is becoming more challenging to defend against.”
Two-thirds (65%) of FS&B security leaders believe detection-based technologies are falling short in preventing cyberattacks, claiming they cannot keep up with the increase in attacks and their growing sophistication (60%), can’t prevent attacks exploiting zero-day flaws (61%) and ultimately offer a defence that comes too late, as the damage has typically already been done (60%). It’s therefore unsurprising that 71% believe their organisation should be procuring more preventative cybersecurity solutions.
However, the path to preventative security is not without obstacles. 71% of FS&B organisations already find that ensuring their technology stack meets regulatory requirements is a challenge. And while preventative security measures and zero trust support improved compliance, security leaders find these regulations result in more of a focus on reactive measures than proactive ones – creating a catch-22 situation.
The legacy systems typical of many FS&B organisations also play a role, with 41% calling out how the complexity of integrating preventative security solutions into existing IT infrastructure presents a barrier to taking a more preventative security approach.
“FS&B organisations are facing a perfect storm,” Berg continued. “They must balance the need for robust security against insider threats and sophisticated attacks with the pressures of regulatory compliance. Our research clearly indicates that while FS&B firms are aware of the magnitude of the cyber threat they’re facing, concerns over managing the complexity and compliance requirements of a change in their security stack are hindering their ability to adopt a more preventative stance. The industry needs to find a way to reconcile these competing pressures to ensure the security and resilience of the financial ecosystem.”