Financial services firms are facing an increased risk of cyberattacks. A report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) found that the number of cyberattacks targeting financial services firms increased by 25% in 2022.
The report, titled Navigating Cyber 2022, is based on the threat intelligence collected and analyzed by FS-ISAC from its thousands of member financial firms in more than 65 countries. The report highlights key cyber threats facing the financial sector in 2022 and beyond, including third-party attacks, zero-day vulnerability exploits, and the resilience of ransomware groups. Many major incidents in 2021 exploited vulnerabilities in third-party suppliers, posing risks to financial firms. Additionally, the report notes the rising prevalence of zero-day exploits and the evolving tactics of ransomware groups, which continue to adapt despite increased scrutiny and operate from safe-haven countries.
The report also warned that global tensions could fuel further attacks by state-backed hackers and patriotic hacktivists, who may target financial institutions for espionage, sabotage, or influence operations. The report cited examples of such attacks in 2021, such as the SolarWinds breach attributed to Russia, the Microsoft Exchange hack attributed to China, and the Colonial Pipeline attack attributed to DarkSide.
The report advises financial services firms to bolster their cybersecurity resilience through proactive measures, including implementing multi-factor authentication (MFA) for sensitive accounts, conducting routine penetration testing and vulnerability scans, educating staff to recognize and thwart phishing and social engineering attempts, regularly backing up and encrypting data, and promptly reporting suspicious activity to FS-ISAC and law enforcement for investigation and support.