Why fostering digital trust in financial services institutions is a mandate

With cyberattackers shifting their focus from individual institutions to the financial sector as a whole, maintaining the trust of customers has never been more important. 

Over centuries, banking has evolved from its early ledger-based operations to the current ubiquitous presence of banks both online and in-person. Starting with the increased use of the internet in the mid-1990s, and the emergence of online banking portals that enabled consumers to effortlessly access account balances, transfer money and pay bills from the convenience of their home. Financial services institutions have since undergone a dramatic transformation in the way they deliver products and services to customers. 

We have recently observed a significant shift in the tactics of cyber criminals.  These malicious actors are transitioning from targeting individual institutions to the entire banking system. Attackers are focused on customer-related account takeovers and web scraping-related attacks, as evidenced by the notable 81% growth in bot activities targeting financial institutions.

Phishing attacks are primarily geared towards consumers (accounting for 80.7% of targets according to our recent data) rather than business accounts. This has resulted in a substantial demand on the dark web for compromised consumer accounts, which are subsequently exploited in various fraud-related schemes. Notably, this changing landscape has led to a redefined role for cybersecurity within the US Security and Exchange Commission. With this paradigm shift comes the multifaceted challenge of preserving customer trust, which is becoming more complex than ever before.

The ongoing technological revolution, driven by innovations, such as Application Programming Interfaces (APIs), Artificial Intelligence (AI), and cryptocurrencies, has removed barriers to financial inclusion. However, as these innovations expand the banking landscape, they also expose and present new vulnerabilities, requiring financial institutions to prioritise their fundamental mission of providing a secure, dependable, and trustworthy environment for global banking. 

Navigating a changing threat landscape

Recent conversations I have had with stakeholders in the financial sector have revolved around the importance of delivering fast, reliable, and secure services to customers. This mission isn't just a preference; it's a necessity that requires defence in depth against the growing deluge of cyber threats. We're confronting adversaries that orchestrate attacks on multiple fronts – web applications and APIs, the ransomware onslaught, deceitful phishing emails, insidious malware, and the relentless storm of Distributed Denial of Service (DDoS) assaults.

This continuous surge of cybercriminal activities and the unprecedented expansion of the threat landscape is evident in the continuous observance of record-breaking attacks. Last February, Akamai mitigated the largest DDoS attack ever launched against a customer based in Asia-Pacific, with attack traffic peaking at 900.1 gigabits per second and 158.2 million packets per second. Such records show that bad actors are becoming more sophisticated, employing precise targeting for maximum financial gain. Without the right defences, even financial institutions with robust, modern networks would likely collapse under an assault of this magnitude. To prevail, they must constantly adapt their strategy to combat evolving threats.

Recent trends show that API attacks have gained traction among cybercriminals: Akamai found a 3.5x surge in web applications and API attacks against financial services in 2022. APIs are critical in the financial services industry. They offer customers convenient, rapid, and reliable avenues to reach a wide array of banking products and services. They are extremely versatile, as banks and financial institutions are progressively adopting APIs across various domains – spanning from conventional operations to the innovative areas of banking as a service, platform as a service, and embedded finance. However, all of this innovation and potential to facilitate innovative business models and services comes with a cost, the expanding attack surface and entry points for malicious actors.

In addition, AI is significantly enhancing our productivity and ability to extract insights from data for enhancing customer experiences and combating fraud, but bad actors are also leveraging this technology to amplify their phishing scams, Business Email Compromise tactics, and more. Horizontal collaboration with organisations like FS-ISAC increases our ability to tap into shared threat intelligence and adapt our security infrastructure.

Cultivating a trust mindset

Amid economic uncertainty and disruptions from bad actors, financial institutions must adopt a security mindset across their entire business model to retain consumer trust. Proactive measures, such as Multi-Factor Authentication and FIDO2 passwordless biometric identification, can address some vulnerabilities and educate stakeholders about the importance of good cyber hygiene.

As banking continues its transition from physical branches to online platforms and apps, robust cybersecurity measures become ever more paramount. The increased reliance on remote banking transactions needs increased protection to compensate for the reduced face-to-face interactions. By staying ahead of cybercriminals, banking institutions can safeguard global finances for generations to come.