Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How Hackers Are Hitting Finance – And What You Can Do About It

December's edition of a twice-annual report that assesses financial stability in the U.K. ranked cybercrime as a top five danger facing banks - and stressed the importance of the financial industry to build resilience to attacks, learn how to recover quickly from incidents and view cyber risk as a strategic priority.

The report comes in response to an escalating spate of attacks targeting the finance vertical, including October's Dridex malware attack, which specifically targeted financial institutions and drained £20m from British bank accounts.

The uptick in attacks should not surprise you considering the 2015 Trustwave Global Security Report identified that finance and insurance is now the fourth-most commonly attacked industry by cybercriminals.

Playing field has changed

Despite the warnings, however, the majority of finance companies still don't acknowledge the increased threat of cyberattack and perhaps that is because, as an industry, finance is fairly far along in its security efforts compared to others. Unfortunately though, the playing field has changed and you need to up your game to win.

Not just about personal data anymore

Trustwave's report discovered that 57 percent of cyberattacks in the finance industry occurred via corporate and internal IT networks. Researchers also found that in many cases hackers seek financial credentials, or proprietary information such as internal communications, merchant IDs, or other corporate identity information.

It's not just about personal data anymore - it's about intellectual property, and when the stakes get this high, the hackers get smarter. Finance companies are now an even higher value target to hackers, and this means that they're prepared to play the long game for the big prize.

Hackers in it for the long haul

The Flame virus was one such attack that demonstrated just how persistent hackers can be. For a tempting reward of the magnitude offered by the finance sector, intruders are prepared to lie in wait, camouflaged within the corporate network for months, even years, learning about the environment and siphoning data until they're ready to strike you.

It's no good waiting for an attack to happen. By the time the damage becomes visible, it may be too late. Hackers may well have infiltrated already.

Bolster security with MSS

If you're part of the financial sector, you should consider augmenting specific areas if attackers do make it inside, such as threat management and incident response, to strengthen your position against increasingly sophisticated and hostile attacks. And you also must be proactive by continually scanning for vulnerabilities across databases, networks and applications. Attacks evolve and so must you.

Large financial organizations face many challenges as a result of operating across a vast infrastructure of highly interconnected global networks that must comply with the multiple regulations from each region. Maintaining the security now required against today's threats is no easy task for an in-house team.

Through managed security services (MSS), dedicated security teams within heavily compliant environments can take advantage of programs that are designed around their specific needs - programs that can advance their threat detection and response with unmatched intelligence for complete visibility and control of the situation, while adhering to industry regulations.

Jane Dotsenko is EMEA marketing manager at Trustwave.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More