Forces Shaping the Next Generation of Cyber Threats to Financial Institutions

This research provides an overview of the forces that shape the threat landscape, to help financial institutions get ahead and stay ahead of their adversaries in cyberspace.

Financial institutions have long been the leading targets for cybercrime. The industry provides multiple avenues for hackers to monetize their skills through extortion, theft, and fraud. Early intrusions by script kiddies and hacktivists were mostly motivated by a desire to build a reputation in the hacker community, but were relatively unsophisticated and did little damage. By 2000, however, cybercriminals were starting to see the potential of computer intrusions, and since then have become more organized, technically skilled, inventive, and brazen. Nation states also target the financial sector, for political reasons (e.g., Iran in Operation Ababil), commercial espionage, or simply to steal (e.g., North Korea’s attack on the Central Bank of Bangladesh).

The threat landscape for financial institutions is again being transformed. The explosion of digital financial services and mobile banking has exponentially expanded the attack surface that criminals can exploit. At the same time, the proliferation of easy-to-use malware and contract hacker services on the black market has made what were once exclusively nation-state capabilities available to a wide range of malicious actors.

Defenses continue to evolve, but attackers do not give up; they adapt. Better training, a growing cyber workforce, greater investment, and new technologies have given financial institutions more tools to defend their networks, but attackers find new ways in, and law enforcement’s capacity to bring attackers to justice remains limited. This report looks at the forces shaping the threat landscape for financial institutions – changes in the attack surface, attacker incentives, and new defenses – and what they mean for the industry.