20 January 2023

Cybersecurity, a priority for the financial sector

Rebeca Trujillo, Cybersecurity Manager

Since widespread use of the Internet began, criminals and organized crime groups have been expanding their scope of action into the digital environment. The main motivation is direct or indirect financial gain, but there are other potential objectives as well, such as damaging the reputation or image of organizations.

In this sense, financial institutions have always been in the spotlight. Although they are probably one of the most cybersecurity-conscious sectors, their attractiveness as a target has been further enhanced, beyond the possibility of direct profit, by the amount of information they handle on their customers, which opens the door to massive data theft and its subsequent exploitation.

Given this scenario, in which the number of cyberattacks continues to increase year after year, cybersecurity has become a priority, not only for companies but also for regulators, who are increasingly demanding compliance with security measures. This has become evident in recent years with the publication of the NIS Directive and the forthcoming entry into force of DORA for the financial sector.

How do interconnected environments and the supply chain affect cybersecurity?

Today we cannot talk about the financial sector as a group of isolated companies. When we talk about a company's cybersecurity, we cannot limit ourselves to thinking about its systems, its networks, or its employees; it is necessary to consider its entire ecosystem, meaning all the companies to which it is connected or on which it depends: suppliers, customers, partners, etc.

This concept of supply chain security has been gaining momentum in recent years, due to the increase in the number and impact of incidents. Such is its relevance that, according to IBM, 17% of critical infrastructure breaches occurred because a business partner was initially compromised. One example is the SolarWinds incident, where a software package used by thousands of companies was compromised, serving as a gateway for cybercriminals into the companies that used this software.

As is always the case in the security world, criminals take advantage of the weakest link in the chain to commit their attacks. What this means is that it is more attractive for cybercriminals to compromise a less protected piece of software, but one that is also present in many environments and can serve as an access point to attack larger, better protected companies. In fact, Gartner predicts that by 2025, 45% of organizations worldwide will have suffered attacks on their supply chain software.

What other trends does 2023 have in store for us?

The beginning of the year is marked by the climate of political and economic uncertainty and, technologically, we are still under the effects of the pandemic, which has brought with it significant changes: the increased digitalization of many companies, the exponential increase in the consumption of digital services and the relocation of many workers thanks to remote work. These factors, together with the current growing trend in companies to migrate their services to the cloud and enable access from mobile terminals such as smartphones, are increasing the attack surface.

In this context, these are some of the trends that will concern us in cybersecurity throughout this year:

  • Impacts of the current political climate: The growing tension of recent months may lead to an increase in hacktivism and the increased use of destructive ransomware attacks on critical infrastructure. In this type of attack, data is locked without a ransom being demanded to recover it. Reduced international cooperation may also mean less ability to prevent and contain cyber incidents early.
  • Persistent attacks: Complex attacks, such as Advanced Persistent Threats (APTs), will continue to proliferate in 2023. These types of attacks are prolonged over time and aim to penetrate organizations in a persistent manner, either to steal data or to gain access to the most sensitive parts of the organizations.
  • Zero-trust security strategies: With the offshoring of workers and services, the way organizations protect themselves has changed and the concepts of "inside" and "outside" no longer exist. Companies traditionally focused on having a secure perimeter and reduced security measures once inside that perimeter. Today many companies are migrating to zero-trust strategies, where it is no longer presumed that the company is a secure environment and that threats only come from the outside.
  • The golden age of social engineering: Social engineering continues to be one of the most popular entry points, as cybercriminals take advantage of natural human weaknesses such as fear, urgency or trust. Today, with the proliferation of social networks and artificial intelligence technologies that allow deepfakes to be created, it is even more relevant as an entry channel for attacks on organizations.
  • Over-reliance on cloud services: The increase in energy prices and the rise in price and unavailability of hardware in recent months have precipitated even more growth in cloud services to the detriment of on-premises services. While this strategy can be an accelerator, we cannot forget the cyber risks associated with these services and the lack of clarity, in some cases, regarding responsibilities for implementing and maintaining the relevant security measures.
  • Reduced insurance coverage: Some insurers, such as Zurich, have already announced that insurance against cyberattacks could be terminated or its coverage reduced, due to the high impact of this type of incident. This means that companies will have to invest more in protecting themselves against such events, as they will not be able to transfer the risk involved. Insurance against cyberattacks is no longer profitable for insurers. According to Cybersecurity Ventures, damages could reach $10.5 trillion by 2025.