Financial services sector at increased cybersecurity risk, report warns


Over the last twelve months, the financial services sector has faced a significant increase in cyber risk, new research has revealed.

The findings are taken from the second annual ‘Penetration Risk Report’ from cybersecurity consultancy Coalfire.

It found that financial services firms are more susceptible to cyberattacks than they were a year ago, with a 41% increase in the number of businesses at high risk from cybercriminals.

The report details the cybersecurity credentials of more than 500 businesses of all sizes across five high-risk sectors: technology, retail, healthcare, education and financial services.

Of all the sectors tested, the report found that only financial services had suffered an increase in risk since last year’s report.

Out-of-date software was highlighted as the biggest contributing factor to the increased level of risk, with the study identifying that flawed legacy software is still commonplace within major companies and financial institutions.

Security in the sector was further hampered by recurring vulnerabilities arising from internal issues such as insecure protocols, poor patch management and password flaws.

Human error was a persistent theme across all five sectors involved in the study, with almost three-quarters (71%) of businesses breached by phishing attacks. In a fifth (20%) of the businesses tested, more than half of all their employees shared sensitive data as a result.

“In a year in which the number of IT failures within the financial services sector has been heavily criticised by UK MPs, attacking outdated IT systems remains like shooting fish in a barrel for sophisticated cybercriminals,” said Coalfire’s UK MD Andy Barratt.

“By their nature, financial services firms have access to huge amounts of sensitive data and funds, so it’s critical that the sector moves quickly to close the widening gaps in its armour.

“The results of the report simply reinforce the need for a cyber strategy that encompasses both software and people to eradicate the all-too-simple errors that can lead to major breaches.

“It only takes one employee to click on the wrong link or unwittingly share sensitive information to a fraudulent email and a hacker is in.

“This makes security basics, such as limiting employee access based on their role and educating staff on how to spot suspicious activity, vitally important.”