The sector continues to be at the forefront of new cyber risk defences with technologies such as Multi Factor Authentication (MFA), biometrics, electronic authentication.
Cloud adopting continues at a high pace, leading to an all-time-high in terms of the number of institutions availing of Cloud services with often inadequate effort being placed on Cloud security.
Ransomware continues to present a significant risk across all sectors, with financial services being no exception. We are seeing the prevalence of (double and triple) extortion which can be particularly damaging, owing to the exfiltration of sensitive data in addition to the ceasing of operations. After encrypting victim networks, threat actors use double or triple extortion by threatening to (1) release stolen data, (2) disrupt access and / or (3) inform victims’ customers, employees, partners or suppliers about the incident.
There has been a significant increase in the implementation of artificial intelligence technologies to aid detection efforts and identify fraud, identity theft, and other suspicious activities in real time.
Social engineering remains a common infiltration tactic. Staff, customers and employees are falling victim to targeted phishing attacks at ever increasing rates.
There is an increasing concern over the potential use of ‘Deep Fake’ technology to identity theft. Deep Fake technology refers to synthetic media that leverages powerful techniques from machine learning and artificial intelligence to generate visual and audio content that looks real in order to manipulate or deceive the viewer. This is a technology seeing rapid development with relatively slower development of deep fake detection technology.
There is still a balance to be struck between customer convenience e.g., mobile application payments and banking, and appropriate regulation and security.