A US-based online security provider finds that more than one-quarter of all cyber-attacks target financial services. finews.asia looks at the full price of a digitalizing industry.

There is one clear and indisputable way that finance leads the world of business. They are more prone than anyone else to get hacked, at least according to US-based cybersecurity provider Imperva.

In a recently posted blog post redirected to the media on Friday, the company said financial services is «consistently the most targeted industry», accounting for 28 percent of all attacks. The next-placed industry, the general business sector, came in second at 14 percent.

Hackers typically had two main reasons for targeting banks – the potential for significant payouts and large, valuable data troves that can be either used or sold.

Digitally Weak

Several weaknesses inherent in many financial institutions helped point the way for cybercriminals, among them unsecured banking data and inadequate passwords.

Application programming interfaces, or APIs, which connect different bank applications and systems, and are frequently used when banks digitalize their services, were another potential weakness.

«Although APIs make things easier for customers and developers, they introduce a whole new world of threats. Because they’re designed to be accessible, APIs are by nature open and easy to use, making an API a ripe opportunity for attackers to access backend databases», Imperva said.

Open Banking 

That risk is only increasing given the increasing prevalence of open banking, particularly if the API is not properly documented or maintained by developers or the bank, which appears to be increasingly prevalent.

Another favorite method of cybercriminals is the use of so-called denial of service attacks (DDoS), which trended higher in 2022.

«DDoS can also be used to conduct extortion and ransom financial institutions into paying the attacker to restore functionality. If an attacker is able to disrupt the functionality of a large financial institution and impact their ability to serve customers, they may be willing to pay large amounts of money to restore service,» Imperva said.

Bad Bots 

Then there are the bots. In another ode to the foresight of a certain Isaac Asimov’s three laws of robotics, they are not all good. 

According to Imperva, 50 percent of all traffic on financial sites comes from bots and 27 percent from bad bots. 

With that, it seems many have developed a mind of their own, conducting account takeover attacks, credit card fraud, data scraping, or simply targeting API weaknesses.

Future Threats 

Much of the discussion in the media, particularly in Swiss finance circles, has been mostly about the more positive aspects of bank digitalization, fintech, and crypto more generally.

But, as part of that discussion, it might be wise to pay just as much attention to the potential threats they may pose, given the numerous data leaks and similar instances in recent years, and as recently evidenced by last year’s «Swiss Secrets» leaks.