Financial Services Brace Themselves for Increase in Email-Borne Cyberattacks

  • Financial Services (FS) companies expect to see an influx of email-borne attacks during 2021 due to increased volumes in email (81%), according to research.

    According to a report from cybersecurity firm Mimecast, 62% of FS organizations believe that it’s likely, extremely likely or inevitable that their company will experience negative business impact from attacks originating from emails. The research also found that 60% of its respondents saw increases in phishing with malicious links or attachments over the past year.

    Johan Dreyer, cybersecurity expert at Mimecast, comments, “The use of digital and mobile in the financial services industry is only set to increase further, so we are definitely going to witness an increase in the rate and sophistication of cyberattacks on finance firms and their customers.

    “As email remains the most common threat vector and its volume and sophistication of attacks is expected to increase, financial firms need to layer multiple security technologies to protect their email systems,” he continues. “This will ensure any active threat can be dealt with as quickly and efficiently as possible. Such multi-layered defences complement and backstop one another—if a given attack sidesteps one defence, there are others in place that can stop the threat.”

    Respondents in the report also noted that they had seen an increase in the misuse of their brands via both email and spoofed cloned web domains (42%). Some also saw an influx in their brand’s misuse in cloned websites (42%) and significant increases in emails that “misappropriated their brands” (11%).

    This could mean priorities will change for security specialists or chief information security officers (CISOs). The report found that 57% of respondents expected the volume of attacks to be among their biggest email security challenges of 2021, with 64% saying that sophisticated threats are amongst their biggest security challenges when it comes to email.

    Ransomware attacks have also stoked fear in FS organizations, with 53% of the companies surveyed saying that an attack had impacted their business within the last 12 months. Because of these attacks, 44% of companies have had to pay a ransom. Downtime has also impacted businesses, with 30% of the companies having between one and four weeks of downtime from ransomware attacks.

    “The threat of ransomware in particular and its potential costs all continue to increase,” warns Dreyer. “While most of these attacks are email-borne and layered defences can help, protecting data with rigorous backup and retention policies — that include off-network repositories — are important solutions for mitigating permanent loss of data for financial firms.”

    However, according to Mimecast’s report, necessary protections have not been put in place, with only 44% of FS companies providing security awareness training on a monthly basis or at greater frequency. Further, the largest concentration of companies provide only quarterly training.

    Of the finance firms surveyed, 47% said they did not have a cyber resilience strategy already in place.

    Mimecast’s Dreyer advises what FS companies can do to mitigate these threats: “The biggest potential difference can be made by shoring up cybersecurity’s weakest links: the people. Financial firms need to extend their leading security awareness training practices with more personalized/individualized training and greater frequency. Preserving customer trust and reputation are critical to a financial firm’s business success.