Phishing attacks are fast-growing and now represent the most common type of cybersecurity threat targeting the UK financial services industry.
These phishing scams are attacking banks, credit unions, credit card lenders, insurance companies, as well as other businesses that manage money.
According to the Financial Conduct Authority (FCA), (a financial services industry watchdog group based in London), in 2018, 93 cyber attacks were reported by finacial services firms.
Of these 93 reported cyber attacks, 48 of these involved phishing, 19 were ransomware attacks, 16 included malicious code and 10 were distributed denial of service attacks.
The FCA have said that overall, 819 outages were reported by financial services firms last year; 11% of these were due to cyber attacks. The rest of the outages were down to third-party failures (21%), hardware and software problems (19%), and glitches due to change management (18%).
However, it's not unusual to see a spike in cyber incidents because the introduction of GDPR saw laws introduced that required all organisations to report certain types of security breaches; resulting in more incidents being reported. But it is important to note that just because more organisations are required to report all cyber incidents, this does not mean that cyber attacks are not on the rise either; because they are.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising themselves as a trustworthy entity in an electronic communication. This makes financial services firms the perfect target.
Phishing attacks can come in many forms such as, social media feeds, search engines, browser extensions, pop-ups etc.
The Executive Director of the FCA says, "it is a major concern that a lot of firms seem to be trying to get the basics right on cyber,"
"Only the largest firms have automated their detection systems to spot potential cyber attacks. Smaller firms are generally relying on old-school, manual processes - or no process at all."
Phishing scams are becoming much more sophisticated, with the addition of a lifespan decrease, as less time is needed to gather valuable personal information. This means that by the time anyone has caught on to the fact that a cyber attack has taken place, the attackers have long gone.
Cyber attacks are extremely creative now too, hosting malicious pages under what would be considered legitimate domains.
Ultimately, financial services firms should adopt more modern technologies that will be able to instantly detect any cyber threats to their organisations.
Cyber attackers are always going to get more sophisticated and creative, so it is best that those who are prime targets are prepared.