Did you know that only half of a dolphin’s brain goes to sleep at a time? This enables them to rest while remaining alert to any potential dangers. Being aware of possible risks, including cyber threats, is, of course, also important to humans and the businesses they run.In this, our third and final look back on 2022, we review some key cybersecurity trends that have been impacting community financial institutions (CFIs) this year.Evolving Cyber Risks on the RiseCheck Point’s midyear cybersecurity survey highlighted a 42% increase in weekly cyberattacks in the first half of the year, continuing the upward trend of the past few years. CFIs are prime targets for cybercrime given the large volumes of valuable customer data and financial resources they hold. The rise of remote and hybrid working, the ongoing shift to digital solutions, and reliance on third parties for certain functions have all made CFIs even more vulnerable to cyberattacks this year. So, it is perhaps unsurprising to see cybersecurity ranked as the biggest internal risk as well as the most important current and future technological challenge in the 2022 CSBS National Survey.The nature of these threats has also continued to evolve during 2022, with attacks becoming increasingly targeted and sophisticated. There have been more attacks involving previously unseen malware and other methods, many of which are using artificial intelligence (AI) and machine learning (ML) and going undetected as they adapt to the environments they are infiltrating. Cybercriminals are also increasingly using deep fakes, targeting APIs, and hacking Internet of Things (IoT) devices.Meanwhile, this year also saw an increase in cyber threats related to unstable geopolitics, with 65% of respondents in the VMware Global Incident Response Threat Report showing an increase in cyberattacks following the Russian invasion of Ukraine. Here are six major threats posed by cybercriminals this year.
- Ransomware has emerged as one of the biggest threats during 2022. These attacks are becoming more sophisticated, with hackers combining data leaks with ransomware to get organizations to pay the ransom. Almost 60% of respondents to the 2022 VMware report said they had suffered a ransomware attack during the past 12 months.
- Phishing scams and attempts to gain access to personal data continue to increase with the use of different channels such as SMS and voice. The Anti-Phishing Working group recorded the highest number of phishing attacks ever measured in Q1 2022. Phishing attempts linked to cryptocurrency also increased by 257% in the last year.
- Mobile is a new target, in part due to the rise of hybrid working and more employees accessing corporate data from home on mobile devices. This makes the risk of a data breach considerably higher, and these devices are also more vulnerable to malware and ransomware attacks. The rapid adoption of mobile banking has also contributed to cybercriminals targeting mobile. A record number of mobile app banking trojans was measured in H1 2022, up 117% from H2 2021.
- Cloud-based attacks have also increased, as more organizations use cloud services. Venafi found that 81% of organizations had experienced a cloud-based security incident between July 2021 and July 2022.
- Supply chain attacks increasingly pose a risk to CFIs, particularly with many institutions now partnering with third parties. Supply chains are becoming more complex and digital in nature, resulting in increased risk and vulnerability to third-party breaches. Supply chain attacks were up by 430% in 2021, and this trend is only likely to continue.
- Distributed Denial of Service (DDoS) attacks that use fake connection requests to overwhelm a website and force it to go offline have not only risen in 2022 but have also become considerably larger and more sophisticated. These were particularly prevalent in Europe following the Russian invasion of Ukraine.
Technology to Combat CyberattacksWith the average data breach costing organizations $5.97MM, detection and prevention continue to be key priorities for CFIs. Here are five ways in which technologies have been applied this year to improve cybersecurity and respond to vulnerabilities and threats.
- Best-in-class cybersecurity technologies are increasingly being used together to provide integrated and innovative flexible security models better able to respond to the changing nature of the threats posed.
- AI and ML continue to provide more advanced ways to help automate the prediction, identification, and prevention of financial fraud and other cybercrimes.
- Blockchains may offer additional security features in both the way that they can allow for storage of data, and also in how they enable safe transactions. Blockchain use also eliminates the security problem of storing data in one place. Instead, data gets stored across networks, resulting in a decentralized system that is less vulnerable to hackers.
- Regtech has grown in popularity during 2022, partly due to more governments and central banks focusing on implementing cybersecurity rules for monitoring, reporting, and compliance.
- Secure Access Service Edge (SASE) solutions — cloud-based frameworks that combine network and security services and protect data, end-users, and applications — have arisen out of organizations’ need for better security options for hybrid and remote working.
Given the continuously evolving cybersecurity landscape, it is essential that CFIs keep abreast of the rapid innovations in technology available to counteract the many threats, and ensure they have the necessary detection and prevention strategies in place. For more insights about trends in 2022, catch up on part 1, which covers lending, and part 2, which discusses talent sourcing. In a follow-up to our retrospective look at this year, tomorrow’s piece dives into PCBB President Mike Dohren’s predictions on what the economy, the market, and CFIs will see in 2023.