Consumers Feel Threatened by Financial Cyberattacks

Consumers believe financial institution cyberattacks are currently the second biggest threat to the U.S. financial system; and finserv employee errors and malware are the biggest risks to their monetary data.

Those are among the findings in the “2019 Morphisec Consumer Financial Cybersecurity Threat Index.” Israel-based Morphisec, which provides endpoint protection and has U.S. headquarters in Boston, surveyed 1,000 consumers, weighted for the U.S. population, to examine how the increasing amount of financial cyberattacks and the threat of hackers targeting the U.S. financial system affects consumers’ mindset.

The threat index reported attackers target the financial service industry 300 times more frequently than businesses in other sectors. Broken down further that comes to 1 billion times per year or 2,000 times per day. The Morphisec’s “December 2018 Morphisec Labs Threat Report,” found banking Trojan horses represented 25% of all attacks, up from just over 16%.

“With financial institutions facing an ever-increasing risk from advanced, evasive threats continually targeting their security controls, consumers are justified in worrying about how much their financial service providers are investing in protecting their financial data and accounts,” Andrew Homer, vice president of security strategy at Morphisec, said. “Effectively training employees on common threats and investing in innovative cybersecurity technologies are what will ultimately help mitigate the risk of sophisticated attacks and win back consumer trust.”

Homer also noted, “Adversaries are getting more sophisticated, with more people resources and time than ever before to focus on how to exploit weaknesses. But it is a cost, time, effectiveness equation for the attacker who will always first go for the low hanging fruit.” He added, “On the other side, the economics of financial institutions, and specifically credit unions, to defend are in a constant struggle to secure against that growing wave of advanced threats without creating a burden tax of added cost and complexity to defend.”

Highlights from the 2019 Morphisec Consumer Financial Cybersecurity Threat Index:

• Consumers believed cyberattacks on financial institutions are currently the second biggest threat to the U.S. financial system, trailing only the threat posed by an escalating trade war.
• Sixty-five percent of customers said their financial service providers do not invest enough in cybersecurity to protect their financial assets.
• Consumers believe financial-service employee error and malware posed the biggest risks to their financial data.
• Fifty-seven percent of customers held trust in financial service providers’ cyberdefenses effects their likelihood to do business with them.
• Consumer believed private cyberdefenses are better than government defenses in the financial sector.
• More than half of consumers admitted they do not use strong passwords to protect their financial accounts.

Homer pointed out basic security hygiene can snuff out the easy targets. “Simple things like password policies and hardened authentication to make sure we do not just give out the golden ticket to the attacker.” The Morphisec vice president emphasized these are policy measures. “The other focus needs to be on smarter prevention measures, which is often ignored.” He added, the endpoint itself is what the attacker is trying to get to as their ultimate beachhead, to steal credentials and personal financial information.

“Most credit unions are trying to keep up against the adversary by adding more alarm bells and detectives after the crime happened,” Homer suggested. “A better approach is to focus on a smarter prevention strategy to outsmart the attacker to make sure they don’t get to the crown jewels in the first place.”

With such high stakes in the financial services industry, Morphisec — which recently discovered the sophisticated hacking group FIN8, which has a long history of attacking point-of-sale systems is back again targeting U.S. businesses — said it is actively working to improve defenses and protect consumer financial data and funds for financial providers and even the U.S. government.