A new study has found that the financial industry stands out against other market sectors, and not for a good reason. Of all the industries prone to data breaches, financials are leading the pack in “breach-ability”.
eMoney Advisor reports that financial services firms are the most likely to be impacted by lousy publicity that spawns from exposure of what should have been private data. The study found that at 5.7%, the industry has the highest abnormal churn rate in the U.S. economy. Although cyber attacks make lots of headlines, that doesn’t equate to firms and their preparedness to defend against them. The report explains that they lack the resources, infrastructure or experience to keep them at bay.
On average, financial firm breach costs nearly $7 million, and a recent report found that in 2017, 25% of such firms were hit; in 2016, 20% of firms suffered a breach. The reason for data breaches can change depending on the industry, with hackers of retail and government systems usually looking for data to sell online. Within the financial sector, hackers are typically looking to steal money or data directly from customers, eMoney says.
Some of the tactics hackers utilize are the business email compromise (BEC), which tricks someone in the company into distributing funds to a fake account; ransomware, shutting down a company’s systems until a ransom is paid; and phishing, which is the most common in financial sector companies. Phishing emails lure the recipient into clicking on a link, attachment or website that can then infect the computer with malware.
Attacks are getting more diverse and more frequent, with the risks including having to deal with angry clients and offering free or discounted services to them, time spent dealing with the situation, damage to a company’s reputation and the cost of lost customers. Some of the things that eMoney Advisor recommended to protect data include:
1. Two-factor authentication, which makes it more difficult to gain access to client accounts without proper credentials
2. Encryption also keeps hackers at bay from being able to make sense of data if they’ve hacked indirectly
3. Backups, which can protect against ransomware by allowing companies to restore their data.
Vendors must be watched, and a disaster recovery plan just for cyber attacks should be in place. Companies ought to be prepared to review “lessons learned” in the wake of a problem.