What were the most common cyber attack patterns in the financial and insurance industry in 2023?
In support of Cybersecurity Awareness Month, we are examining reported incidents by industry. The focus of this article will be on the financial and insurance sector.
Despite the plethora of standards and regulations affecting the financial and insurance sector, threat actors continue to target this group at an alarming rate. In fact, finance and insurance was ranked as the most attacked sector for four consecutive years between 2016 and 2020 according to the IBM X-Force Threat Intelligence Index.
So why do threat actors keep going after this sector, despite regulatory and compliance obligations that set minimum control requirements and make it more difficult to compromise? The answer is pretty simple: the sheer volume of sensitive data.
In fact, the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 97% of the reported incidents were financially motivated, and 74% pursued personal data – motivation and targets that go hand-in-hand in the cybersecurity world.
And while some may think this sector has extra protection with so many regulations and standards, extra layers of protection exist because this sector is so often successfully attacked.
So, what were the most common cybersecurity attack methods in the financial and insurance sector in 2023?
According to the 2023 Verizon DBIR, 77% of all reported incidents in the financial and insurance sector were basic web application attacks, miscellaneous errors and system intrusions.
Basic web application attacks are exactly what they sound like: low-complexity attack methods, including brute force attacks. In a brute force attack, threat actors use automation to gain unauthorized access by guessing usernames and passwords. Companies can reduce their risk by limiting the number of login attempts from individual IP addresses or automatically locking accounts after too many failed logins. Additionally, increasing the strength and complexity of passwords can decrease the likelihood of success for threat actors implementing brute force or other password cracking techniques.
Also, companies should keep track of when their data has been part of previous breaches and change the affected security information, as many threat actors simply source security credentials from previous breaches and reuse them in new attacks.
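The two login controls described above, a per-IP attempt limit and an account lockout after repeated failures, are sketched here as an added example that is not part of the original article; the class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Per-IP attempt limit plus per-account lockout (thresholds are assumptions)."""

    def __init__(self, ip_limit=5, ip_window=60, lock_after=3, lock_secs=900):
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.lock_after, self.lock_secs = lock_after, lock_secs
        self.ip_attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.failures = defaultdict(int)       # user -> consecutive failed logins
        self.locked_until = {}                 # user -> time the lock expires

    def attempt(self, now, ip, user, password_ok):
        """Return 'ok', 'denied', 'ip_limited' or 'locked' for one login attempt."""
        window = self.ip_attempts[ip]
        while window and now - window[0] >= self.ip_window:
            window.popleft()                   # forget attempts outside the window
        if len(window) >= self.ip_limit:
            return "ip_limited"                # refused before the password is checked
        window.append(now)
        if self.locked_until.get(user, 0) > now:
            return "locked"                    # even a correct password is refused
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.lock_after:
            self.locked_until[user] = now + self.lock_secs
            self.failures[user] = 0
        return "denied"

# Constructed sample events: (seconds, source IP, username, password correct?)
EVENTS = [(t, "203.0.113.7", u, False) for t, u in
          enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])] + [
    (10, "198.51.100.1", "alice", False),   # guesses spread across other IPs
    (11, "198.51.100.2", "alice", False),   # third failure: account locks
    (12, "192.0.2.10", "alice", True),      # correct password, still locked
    (1000, "192.0.2.10", "alice", True),    # lock has expired
]

def replay(events):
    """Run the events through a fresh throttle and collect each decision."""
    throttle = LoginThrottle()
    return [throttle.attempt(*event) for event in events]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, replay(EVENTS)):
        print(event, "->", decision)
```

The sample shows why both controls are paired: the per-IP limit stops one address guessing across many accounts, while the lockout catches guesses against one account spread over several addresses.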
Miscellaneous errors are another simple threat with major consequences and occur when protected data is sent to the wrong person.
Just think about the sheer volume of protected data such as social security numbers of clients and beneficiaries, financial account information and corporate data exchanged every day in this sector – both electronically and physically – and what could happen if it falls into the wrong hands.
The threat of miscellaneous errors goes beyond stolen data and breached accounts. A threat actor armed with the right information can employ social engineering to impersonate both customers and companies to advance attacks.
The security burden also falls on the end user in this case. Be sure to update your physical mailing information and change your passwords if you have been part of a breach, and use different passwords for different accounts. Don’t let a breached password be a master key for all of your personal and private information.
System intrusion is the more sophisticated of the top three attack methods and is more methodical in that these attacks leverage malware and hacking to gain access, which can include ransomware. This attack method dropped from 27% to 14% compared to 2022 because miscellaneous errors increased, but it is still a popular attack method in the financial and insurance sector.
Organizations across all industries can be proactive against system intrusion attacks by employing more comprehensive intrusion prevention and detection capabilities within their network security strategy, such as Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) and Managed Detection and Response (MDR), which emphasize automated controls that scale to improve the effectiveness of attack prevention.
This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR.
It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.
About Cybersecurity Awareness Month
Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. This year marks the 20th anniversary of Cybersecurity Awareness Month, and this year's campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.