Financial sector continues to be high cyber target

by Sam Nichols
The financial services sector had the second-highest number of data breaches between January-July and is increasingly experiencing malicious attacks, according to new reports.

Two separate research reports have highlighted that the financial services sector is continuing to be targeted by malicious cyber attacks, demonstrating the need for vigilance and increased cyber security.

The latest Notifiable Data Breaches Report, published by the Office of the Australian Information Commissioner (OAIC) every six months, has revealed that between January and June this year, roughly 58 per cent of data breaches in the financial sector were considered to be malicious or criminal related.

Human error accounted for 30 per cent of the financial sector’s data breach notifications during this period. 

The sector, which covers “banks, wealth managers, financial advisers, superannuation funds and consumer credit providers”, was found to have reported the second-highest number of data breaches across all sectors.

It reported 52 notifications (or 13 per cent of the total sum). Only health service providers experienced more breaches, according to the OAIC.

Australian Information Commissioner and Privacy Commissioner Angelene Falk commented: “The finance sector has been among the top two industry sectors to notify data breaches since the Notifiable Data Breaches scheme began in February 2018.

“Unfortunately, financial institutions are an attractive and lucrative target for cyber criminals, and the risk of this activity is not going away.”

She urged those in the finance space to “focus on improving security and revising systems and processes for identifying and responding to data breaches”.

“Financial institutions should also prioritise training staff on secure information handling practices and make sure they understand how personal information must be handled throughout the information lifecycle,” Ms Falk concluded. 

Similarly, as reported by our sister brand Cybersecurity Connect earlier this month, Imperva Research Labs found that web attacks against the financial sector had increased by 38 per cent between January and June 2021.

According to Imperva Research Labs, an arm of the California-based cyber security firm Imperva, cyber criminals were increasingly targeting the industry with distributed denial of service (DDoS) and ransom DDoS attacks to disrupt operations, and to steal sensitive data via specific web application attacks – namely data leakage, RCE/RFI and cross-site scripting (XSS).

“The sharp increase in attacks is linked to the rapid digital transformation that has taken place throughout COVID,” said Stuart Wilson, APAC vice president for financial services at Imperva, adding that these forms of attacks are growing in size and consistency throughout Asia Pacific. 

He noted that the financial services sector had invested significantly to expand their digital products and services to customers, adding: “At the same time, more and more customers are required to transact online in lieu of face-to-face contact – this digital expansion has created more opportunities for cyber criminals.

“The increased reliance on online banking and other financial services means the impact of a DDoS disruption today is greater than it has ever been before,” Mr Wilson continued. 

“A few seconds of downtime can equate to hundreds of thousands in lost revenue and have a lasting impact on a brand’s digital reputation. This makes it an effective tool for cyber criminals.”

In January this year, Imperva Research Labs also found that more than 870 million records of sensitive data had been compromised during that month alone – a figure higher than 2017’s total figure of compromised records.

Additionally, data from Scamwatch shows a 53.4 per cent increase in reports about investment scams received, up from 3,104 in the first half of 2020, to 4,763 reports so far in 2021.

In addition to taking victims’ money, scammers often commit fraud or identity theft using the information they obtained from the victim.

Broking industry threats

Recent instances have also highlighted that the broking industry is not immune from this threat, with reports of attackers successfully impersonating brokers and borrowers to intercept payments.

One particular scam involved an attacker impersonating a broker over email, which led to the broker’s client depositing money into the criminal’s account rather than a settlement account. As a result, the client lost their funds.

The WA government issued a warning about similar scams targeting home buyers earlier this year, following reports of prospective home buyers irretrievably losing hundreds of thousands of dollars after being misled by hackers posing as settlement agents.

The WA commissioner for consumer protection, Lanie Chopping, commented at the time: “Payment redirection or ‘man in the middle’ scams are becoming all too common, with email accounts being hacked and cloned, with demands for money being made in situations where the victims may be expecting to receive such a request, so are less likely to question it.”

Brokers can be particularly susceptible to hacking and data breaches from malware, “phishing” (where dubious links are sent by a hacker in an attempt to access personal accounts) and general deception.

Attacks such as these can lead to consequences that include loss of funds, the publishing/ransoming of confidential client and financial information, and identity theft. 

Regulators in the finance space have also experienced incursions recently, with the Australian Securities and Investments Commission having experienced an incident of “unauthorised access” on one of its servers, which meant it had to update its Australian Credit Licence application process.

One method of protection encouraged by the Australian Cyber Security Centre is for businesses to introduce a system that requires at least two proofs of identity in order to grant access, also known as multifactor authentication. 

Sam Nichols is a journalist at The Adviser and Mortgage Business. His reporting has featured in a range of outlets including ABC News, SBS' The Feed, and VICE.