According to a recent report, 84% of financial organizations surveyed claim to have online users who have experienced successful account takeovers. And a problem doesn’t just affect users — it has a very real impact on your bottom line. The report, published by Aberdeen Strategy Research on behalf of PerimeterX, also found that the costs generated by these bot-driven ATOs can average up to 6.4% of all the revenue generated from the company's monthly active users.
The consequences of successful account takeovers have become too high to ignore. It's not just a cost of doing business; it's now a serious material risk for companies.
Why is security in the financial sector important?
Banks and other financial institutions deal with millions of dollars of transactions every day. Most of these transactions are digital, which is why they've become a primary target for cyberattacks. According to one report, financial services firms are 300 times more likely than other companies to be targeted by a cyberattack. Moreover, the aftermath of these attacks costs more for banks and wealth managers than for any other sector.
Financial organizations also handle more consumer information than any other sector. So while most people won't click on a malicious email, cybercriminals are using increasingly sophisticated and devious methods to intercept the data they want to access.
And it's not getting better: the Cost of Cybercrime Study in Financial Services: 2019 Report by Accenture found that the average number of breaches grew by 13% — from 134 in 2017 to 152 in 2018.
What are the most common threats to this sector?
Given the unprecedented scope of vulnerability, penetration, and sophistication, bots heavily impact the financial services industry. An estimated $1.5 million is lost to the industry each day from fake online leads and social engineering email scams. What’s more, ATM hacking is a daily occurrence, and so are the post-fraud billing issues from mules and call centers.
Aberdeen's report explains that account takeover (ATO) attacks and credential stuffing are a significant cybersecurity concern that can have devastating effects. Cybercriminals may use stolen usernames and passwords to reset account security features, leading to a data breach. Malicious bots are largely to blame for the rise of brute force and credential stuffing attacks. These automated programs roll through countless username and password combinations to execute account takeovers, which is how they're able to change all your passwords and effectively block you out.
How can you protect yourself and your company?
This risk isn’t one companies can ignore any longer. Here are four tips for preventing, recognizing, and removing such incidents from your organization.
- Keep your software up to date: Unpatched software vulnerabilities are the common entry points for botnet-related malware, which cybercriminals can unleash through exploit kits. It's important to keep your systems and apps up to date, which will help protect you from malware.
- Use Two-factor Authentication: 2FA is often used in the context of botnet protection because brute-force attacks are among the most prevalent system infiltration vectors. Even if threat actors guess your password, an additional authentication factor will keep them out.
- Enforce Access Controls: Follow the principle of least privilege regarding your company's digital infrastructure. If you give admin privileges to all your employees, bots can quickly spread through your system. Limit access to only what each person needs to do their job.
- Use a reputable business VPN: Unsecured internet connections bring unmitigated risk to your company. A business VPN offers an added layer of security, and more is always better than less when it comes to a sensitive sector like finance.
Investing in a business VPN service can prevent cyber attacks by enhancing your organization's network. Use a VPN for any internet-connected devices, both on and off business premises, to ensure critical data doesn't get into the wrong hands.
In the world of finance, security is more essential than ever — and these days, under more attack than ever before. In a business that deals with thousands or even millions of transactions every day, any security breaches could be disastrous. Know your enemy, and make sure you take the precautions necessary to protect your network every day.