Mobile threats affecting financial services by the numbers
To understand this sector’s exposure to cyber threats, we analyzed six months of security data from 225 of our Financial Services customers that, collectively, have 50,000 devices under management. There were 4.7 million events across these devices, averaging around 21,000 events per customer, on mobile alone.
“The threat of cyber security may very well be the biggest threat to the US financial system”
Jamie Dimon, CEO, JPMorgan Chase
It’s unsurprising to see that Financial Services companies are more of a phishing target than other types of companies, with 57.33% financial services companies experiencing phishing attacks relative to 42.2% cross-industry.
A report by the ACCA – Cyber and the CFO – suggests 69% of FS companies recognize phishing and spear phishing attacks as an applicable threat against their organization.
According to another study, financial services employees are most likely to click on a phishing email, with 29% admitting to clicking on a phishing email at work, relative to the cross-industry average of 11%.
Phishing attacks are a daily threat for Financial Services companies and employees need regular training to help identify phishing attacks—not only via email, but also through social media and other messaging platforms. However, given the growing sophistication of phishing campaigns, FS companies can’t rely on awareness training as the only layer of defense. A multi-level approach needs to be adopted at the endpoint and in the network to offer comprehensive protection against phishing.
Despite all of the scaremongering around malware, it’s not as big an attack vector as people typically think, with less than 1% of companies having experienced malware attacks. However, they do occur and cybercriminal groups are becoming highly targeted in their approach. For example, a Whatsapp vulnerability that enabled spyware to be installed on targeted devices was by no means a wide-scale attack, but the potential impact was substantial.
On average, 18.6% of companies have experienced mobile cryptojacking attacks. This came in slightly higher for Financial Services firms at 26.67%. Financial Services users appear to use devices more responsibly than users in other industries, so the overall device impact is less notable than that of some other threat vectors like phishing.
Financial Services employees have seen a high number of incidents associated with man-in-the-middle attacks and risky hotspots (35.56%) compared to cross-industry figures (24.05%). Of the risky hotspots, 59.67% in the Financial Services sector were travel-related, indicating that FS employees who travel need greater protection.