Trust has always been the cornerstone of the banking industry. Without customer confidence that their assets are secure, banks cannot function. A reputation for having the strongest vaults with the thickest walls and unpickable locks is fundamental.
But, as the means of protecting financial assets has moved from the physical to the digital realm, the role of custodian of customer trust has shifted inexorably onto the shoulders of CISOs. Now, cybersecurity is not just essential to preventing criminals from theft, it has become a brand protection imperative.
VMware’s annual Modern Bank Heist report has identified critical escalations in the sophistication and co-ordination of attacks against the financial services sector. Cybercriminals and nation-state actors are capitalising on the dual disruptions of the global pandemic and banks’ ongoing digital transformation programmes to broaden and deepen their attack techniques. They are no longer focused simply on direct monetary gain through wire transfer fraud, but on hijacking the digital transformation of a financial institution through island hopping, and holding them hostage to the threat of destructive attacks.
Island hopping escalates as attackers hijack banks
38 percent of the financial institutions surveyed in the study said they had encountered island hopping, representing a 13 percent increase over 2020 (respondents were asked to exclude the SolarWinds campaign from their response).
Island hopping has become the attack vector of choice because, as banks have digitised and their supplier ecosystem has grown, the attack surface has expanded correspondingly; there is quite simply more opportunity now than ever before. And to capitalise on it, cybercrime cartels have taken the guesswork out of the game by studying the interdependencies of financial institutions.