Cyber defences in financial services sector worsen
The level of cyber risk facing the financial services sector has increased significantly in the last 12 months, according to new research by international cybersecurity consultancy Coalfire.
Coalfire’s second annual Penetration Risk Report found that financial services firms are more susceptible to cyberattacks than they were a year ago: the number of firms in the sector assessed as being at high risk of attack rose by 41% compared with the previous year's report.
The report draws on penetration tests of more than 500 businesses of all sizes across five high-risk sectors: technology, retail, healthcare, education and financial services. Of the sectors tested, financial services was the only one whose risk level had increased since last year’s report.
Out-of-date software was highlighted as the biggest contributing factor to the increased level of risk. Coalfire’s testing found that flawed legacy software, with vulnerabilities well known to attackers, is still commonplace within major companies and financial institutions.
Security in the sector was further hampered by recurring vulnerabilities arising from internal issues such as insecure protocols, poor patch management and password weaknesses.
Human error was a persistent theme across all five sectors in the study: almost three-quarters (71%) of businesses were breached by phishing attacks during testing. In a fifth (20%) of the businesses tested, more than half of all employees shared sensitive data in response to the phishing emails.
Andy Barratt, UK managing director at Coalfire, said: “In a year in which the number of IT failures within the financial services sector has been heavily criticised by UK MPs, attacking outdated IT systems remains like shooting fish in a barrel for sophisticated cybercriminals. By their nature, financial services firms have access to huge amounts of sensitive data and funds, so it’s critical that the sector moves quickly to close the widening gaps in its armour.
“The results of the report simply reinforce the need for a cyber strategy that encompasses both software and people to eradicate the all-too-simple errors that can lead to major breaches. It only takes one employee to click on the wrong link or unwittingly share sensitive information in response to a fraudulent email and a hacker is in. This makes security basics, such as limiting employee access based on their role and educating staff on how to spot suspicious activity, vitally important.”