fbpx
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
No Result
View All Result

How the Finance Industry Can Respond to Cybersecurity Threats in the Post-Pandemic World

Olga Polishchuk by Olga Polishchuk
August 31, 2020
in Fraud Risk and Analytics, Industry Opinions, Security
0
How the Finance Industry Can Respond to Cybersecurity Threats in the Post-Pandemic World

How the Finance Industry Can Respond to Cybersecurity Threats in the Post-Pandemic World

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The COVID-19 outbreak has presented a formidable challenge to global government bodies, health organizations and citizens, but hackers view it as something else: an opportunity – especially in targeting the finance industry

A Boston Consulting Group report found that financial services firms are 300 times more likely than other companies to be targeted by a cyberattack and at an average cost per company of $18.5 million, higher than any other vertical market, according to an Accenture’s study. These trends will only accelerate as cyber criminals increase their efforts to exploit the pandemic.

Incidents and news developments reflect this heightened state of caution for finance-related cyber crimes:

A joint alert from the U.S. government

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, the Internal Revenue Service (IRS) and the United States Secret Service (USSS) issued a joint alert in May for “all Americans to be on the lookout” for fraud attempts using “coronavirus lures to steal personal and financial information.” In particular, adversaries are seeking to disrupt economic payments from initiatives such as the Coronavirus Aid, Relief and Economic Security (CARES) Act, the $2 trillion economic relief package intended to support American businesses and individuals economically burdened by the coronavirus pandemic, according to the alert.

The Federal Trade Commission (FTC) warns of tax schemes

In April, the FTC issued guidelines to avoid pandemic-related IRS stimulus payment scams. “The IRS won’t contact you by phone, email, text message, or social media with information about your stimulus payment, or to ask you for your Social Security number, bank account, or government benefits debit card account number,” according to the FTC statement. “Anyone who does is a scammer phishing for your information.”

Charity, stock and Small Business Administration (SBA) incidents on the rise

The Small Business Association disclosed in April that a data breach of its online application portal may have compromised the personally identifiable information (PII) – including Social Security numbers, income amounts, names, addresses and contact information – of nearly 8,000 businesses seeking Economic Injury Disaster Loans. In the same month, the U.S. Securities and Exchange Commission (SEC) published an alert about unlicensed individuals and unregistered firms promising high returns on stocks of companies claiming to market products that can prevent, detect or treat COVID-19. “You may lose a lot of money if you invest in a company based on inaccurate or unreliable claims or rumors,” according to the alert. “False claims about a company’s products and services are sometimes part of a ‘pump-and-dump’ scheme where fraudsters profit at the expense of unsuspecting investors.”

Then, in June, the Cybercrime Support Network warned that adversaries are setting up bogus COVID-19 charity sites and sending out phishing emails posing as charities to get intended victims to make donations.

Online credit card skimmers target ecommerce sites

With more consumers shopping online due to the pandemic, adversaries are leveraging Magecart credit card skimmers in attacks against online customers. Magecart is a consortium of different threat groups known to take advantage of vulnerabilities in third-party ecommerce platforms to inject payment-stealing script in checkout pages. In April, Magecart attacks on online retailers jumped 20 percent.

It doesn’t help that, before the pandemic, hackers already considered the financial industry a primary target: Based upon its analysis of nearly 41,700 security incidents and more than 2,010 breaches, the 2019 Verizon Data Breach Investigations Report (DBIR) reported that the industry accounted for 927 of those incidents (ranked #4 among all sectors) and 207 of the breaches (third overall, behind only the public sector and healthcare). These organizations also suffered the second-highest average cost of a data breach at $5.86 million – 49 percent greater than the $3.92 million global average for all industries, according to the 2019 Cost of a Data Breach Report from the Ponemon Institute and IBM.

So how should your financial organization address these challenges and threats? We recommend the following three steps:

Sensitize your workforce to COVID-19 scams

Your employees are your first line of defense. Basic education about the pandemic threat landscape – what are the latest attacks, and how should users respond when they receive a suspicious link or attachment in an email from an unfamiliar/untrusted party? – will go a long way. (For starters, they should not click on anything unfamiliar or untrusted, and they should forward these emails to the IT department.)

Encourage password security

Cybersecurity authorities recommend implementing vigorous password policies to ensure that all workers are using strong passwords (with difficult-to-crack, non-sequential numbers and letters, along with symbols and a mix of case-specific capital and non-capital letters) and changing them on a regular basis.

Update and strengthen bring-your-own-device (BYOD) rules

According to recent research, more than three-quarters of remote employees use unmanaged, insecure personal devices (BYOD) to access corporate systems. Organizations must update rules and standards so IT teams and employees can securely manage these devices.

We could not have predicted COVID-19, or the resulting increase in cyber attacks. However, financial organizations can still prepare for the worst in this new, evolving environment. Ultimately, it begins and ends with your people – the more employees know about current threats, good cyber hygiene and device security, the better positioned you’ll be to defend your network, systems and devices. These practices have proven over time to protect, whether during a pandemic or not.

Tags: Covid-19CybersecurityFinancial ServicesFraud Risk and Analytics
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily
    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    This SDK and API Toolkit Enables Developers to Build Payment Solutions

    This SDK and API Toolkit Enables Developers to Build Payment Solutions

    January 26, 2021
    Breaking Down the CFPB’s Earned Wage Access (EWA) Announcements

    Breaking Down the CFPB’s Earned Wage Access (EWA) Announcements

    January 25, 2021
    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    January 22, 2021
    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    January 21, 2021
    Building C-Store Customer Loyalty Programs With Relevant Rewards

    Building C-Store Customer Loyalty Programs With Relevant Rewards

    January 20, 2021
    How PayPal Achieves High Authorization Rates

    How PayPal Achieves High Authorization Rates

    January 19, 2021
    Explaining the Bill Payment Ecosystem

    Explaining the Bill Payment Ecosystem

    January 15, 2021
    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    January 14, 2021

    Connect With Us

    • Advertise With Us
    • About Us
    • Terms of Use
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • COVID-19
    • News
    • Events

    © 2021 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

    WEBINAR:
    How Digital Acceleration Will Affect The Payment Industry

    Please join us for this panel discussion on addressing the challenges to pave the way to payments innovation and profitability and gain insights on the key trends and challenges impacting the payments landscape in North America.

    REGISTER