Understanding the cybersecurity threat landscape in banking

In the first blog of our cybersecurity series, you’ll learn the ins and outs of the cybercrime landscape, directly from Backbase CISO Brian Vlootman.

by Brian Vlootman

Introduction

When it comes to cybercrime, attackers tend to go where the money is. And as a banking leader, you should be concerned, to say the least. I know I am. As Backbase’s Chief Information Security Officer (CISO), I have a first-hand view of the security threats that banks are facing, and the number of those threats is steadily climbing.

The fact of the matter is that cybercrime is on the rise because it’s extremely profitable, and that means this trend isn’t going anywhere. At the same time, these attacks are particularly costly, especially for banks. In fact, according to IBM, a data breach in the financial sector can cost around $5.90 million, as of 2023.

To add fuel to the flames, generative AI has made it easier than ever to orchestrate phishing and social engineering attacks, now that a fake persona is only a prompt away. That means you’ll be facing increasingly sophisticated tech incursions — at a lower cost to the attacker — that could push the limits of your ability to combat them. And AI is getting smarter by the day.

While some attackers are attempting to steal large sums of money, others aim for different targets, such as valuable customer data. But regardless of target, a successful breach of your bank’s cyberdefenses can lead to a host of issues, including operational disruption and reputational damage, to say nothing of the tens of billions of dollars in fraud-related costs. Take UniCredit’s 2018 data breach case, which recently resulted in a fine of €2.8 million by Italy’s data protection authority. And that doesn’t even touch the true cost of fraud, which LexisNexis estimates at 4.41x the lost transaction value, including fines, fees, and investigative costs.

The situation may seem bleak, sure, but I promise you, there is a way to combat these attackers — all while rapidly modernizing your bank’s tech infrastructure and overhauling the customer experience, which I’ll cover later in this blog series. For now, let’s discuss the top trends and threats you should be looking for in the days to come.

What is the cybersecurity threat landscape today?

First, let’s start from a global perspective, outside the context of banking. At the moment, the top cybersecurity threats worldwide continue to be phishing schemes and social engineering attacks, which are increasingly powered by AI. After that, there’s simple credential theft, where attackers leverage stolen access rights to log in, followed by a lack of effective vulnerability management and the deployment of ransomware and malware.

And a lot of this is also reflected in the banking sector. Origination and onboarding journeys in particular are bearing the brunt of the attacks, especially when it comes to social engineering. In other cases, attackers are taking advantage of weak authentication protocols to log in as a normal end-user. The exploitation of application vulnerabilities continues to be one of the main ways attackers compromise a banking system.

And of course, let’s not forget the ever-popular distributed denial-of-service (DDoS) attacks. Since banks present a large attack surface, hackers are able to use this method to distract security teams while they launch additional cyberattacks, allowing them to extract a hefty ransom. In fact, according to Verizon’s research, the financial sector was hit with 1,256 known DDoS attacks in 2023 alone, second only to the information industry (1,492).

Unfortunately, knowing the threat is only part of the battle. As a banking leader, what can you actually do to help? Well, it’s all about building cyber resilience, a topic I’ll cover at length later in this four-part series.

Up next

Improving your bank's cybersecurity

In this blog, we’ve set the scene, leaving us open to explore the solution in greater depth in the follow-up: 3 tips for improving your bank’s cybersecurity. There, I’ll share a few key recommendations to help bolster your tech defenses beyond the basics you’re already aware of. And after that, we can move on to the best approaches for achieving true cyber resilience — a lofty yet achievable goal your bank should be striving for in the years to come.