Skip to content

Expert Forum: Cyber Security Risks Facing FII and Mitigation Strategies

The Partnership

August 22, 2022

Blog Categories

By Adolph Barclift, Chief Information Security Officer at Five Star Bank

 

According to IBM’s Cost of a Data Breach 2021 report, the average cost of a major cybersecurity incident to a business or organization is more than $4 million.

That’s a staggering number, but it puts the importance of information security for businesses and organizations under the spotlight—and attached to blaring sirens and alarms—that this problem deserves. In my more than 20 years as a cybersecurity professional, I’ve seen the banking industry become a prime target for external threats such as credential-stuffing, phishing, and ransomware attacks. Digital banking and banking as a service (BaaS) initiatives have greatly increased the attack surface of foreign investing funds (or FII), and are now facing threats that are often interconnected—and will persist for the foreseeable future.

But as a whole, properly managing information security is about making connections between various events to see the relationships. To do this, you need to understand the threats, how they can become interconnected, and how this interconnection could wreak havoc on your business or organization.

Here is an exploration of main threats commonly encountered, and why defending against each should be made a priority for your operations.

Ransomware

Devised as detrimental software to block access to a computer system and elicit a financial ransom from those affected, ransomware continues to act as an effective tool for informational security disruption. These malware maneuvers doubled from 2020 to 2021, and for banks specifically, attacks on partners pose nearly the same risk (from a data export perspective) as an in-person attack on the bank itself.

Over the years, the use of ransomware has gained popularity by perpetrators because of the ease of purchase, use, low cost, and generation of desired payout. According to a recent data breach investigation report from Verizon, these attacks represent 64% of all malware incidents reported. Virtually anyone can initiate a ransomware attack that could pay for itself in a single attempt if they can obtain valid access to a victim’s operating system—which is typically done via the next theat.

Phishing

Phishing attacks—typically through SMS or email—are generated to gain an entry point into the organization, compromise the credentials of both the target and those who the target interacts with, and are the root of all evil as it relates to cybersecurity risks.  The reason is simple; it’s far easier to exploit a person and capture data than it is to exploit a hardened operating system on a physical device.  This is often done by impersonating a senior official within an organization (such as the CEO or CAO), a trusted vendor, or customer.

A recent report in the New York Times revealed more than 11 billion scam texts were sent in March 2022 alone; and these messages are simple to produce and cheap to deliver at a scale that makes them extremely effective. And unfortunately, attacks are becoming easier and more effective, thanks to the growth of AI-as-a-Service (AIaaS). This makes the need for vigilant defense and awareness more vital than ever.

Compromised Credentials

From effective phishing expeditions comes employees with compromised credentials, and presents yet another imperative cybersecurity risk.

As detailed above, compromised credentials are the launch point for cyber-attacks. It’s the basis by which most malicious activities occur, including scanning of file shares, new account creation, payroll, and access to other systems. Customers or members whose personal and payment information is accessed poses a dual threat to the businesses and organizations infiltrated by phishing perpetrators, compromising the individuals and the company.

In all cases, the objective is to move up the information value chain to access higher-value assets. But with more than 290 million victims of these attacks in 2021 alone, it’s a problem that threatens everyone, regardless of position or affluence.

Shortage of Cybersecurity Skills

Cybersecurity roles in any organization require a unique combination of skills, including knowledge of computer architectures, understanding of computer operating systems and their administration, and an expert familiarity with networking, email, and messaging formats.

These skills are critical in banks, specifically—but unfortunately, individuals who boast these skills are currently at a premium. According to a recent report by cybersecurity firm Trellix, nearly a third of the cybersecurity workforce is planning to leave the industry in the near futurecreating a dearth of needed professionals as the threat of attacks becomes more sophisticated and grows at a frightening rate. That same report detailed that 85% of polled organizations claimed a workforce shortage is impacting their ability to secure their IT systems and networks.

Globally, there are 3.5 million unfilled cybersecurity jobs, with about half a million unfilled in the U.S. This problem can’t be alleviated overnight, but training and recruitment for these positions needs to be addressed as urgently as any cybersecurity threat.

 

About the Author

Adolph Barclift joined Five Star Bank as its Chief Information Security Officer (CISO) in 2020, and now serves as subject matter expert responsible for the development and delivery of a comprehensive information and cybersecurity program protecting the bank’s assets, employees, and customers.

 

 

 

Interested in producing an Expert Forum for your organization? Contact our Member Engagement Team: Nancy McNamara and Ann Brooker.

Related Posts

Expert Forum: How in-community customer service helps its customers, neighborhoods thrive.

By communications@thepartnership.org | November 7, 2023

More than ever, healthcare organizations must connect customers with services that provide value, while understanding their concerns on a local level. Superior customer service can support everything from business retention to brand promotion and improved access to healthcare options.

Expert Forum: Third-party ratings are good for your health.

By communications@thepartnership.org | October 2, 2023

Third-party ratings are a good predictor of how satisfied employers and their employees will be with their health plans, and how well they may be taken care of when they need services. Learn the key factors behind the NCQA rating system, and discover why Independent Health is at the top.

Expert Forum: Key questions employers should ask before choosing group health coverage

By communications@thepartnership.org | September 29, 2022

Several studies underscore the cost of poor health on worker productivity, including a 2018 study by the Integrated Benefits Institute which found costs related to lost productivity from illness amounts to $530 billion annually, or 60 cents for every dollar employers spend on health coverage.

Expert Forum: Will a sports injury, genetics, or overactivity affect me or my child as we age?

By communications@thepartnership.org | September 7, 2022

You might not think about it when you’re a teen or young adult, but the orthopaedic injuries we experience in our youth can have implications later in life. Your genetic makeup may also play a factor in joint deterioration or mobility as you get older, but it’s not all doom and gloom: You or your child CAN make a full recovery and also take steps to stay healthy as you age! Here are some common scenarios that Excelsior Orthopaedics treats people for every day.