Banks and insurers are reporting significantly increased threat levels from covid-related cyber crime. Besides, a rise in challenges caused by enforced work from home guidance, is leaving open and insecure gaps in those financial firms’ IT networks. That’s according to new research by BAE Systems Applied Intelligence, the cyber and intelligence arm of defence firm BAE Systems. The cyber firm’s COVID Crime Index 2021 covers the changing nature and impact of fraud, risk and cyber threats on UK and US financial firms and consumers over the last 12 months.
A survey of 902 organisations in the financial services sector found that three-quarters (74 per cent) have experienced a rise in cyber crime since the pandemic began, with 42 per cent of banks and insurers revealing the remote working model has made them less secure. Just under half (44 per cent) were also concerned that this has led to less visibility of potential holes in their network or infrastructure and a further 37 per cent of FIs believe their customers are now at greater risk of cyber crime or fraud.
Comment
Adrian Nish, Head of Cyber at BAE Systems Applied Intelligence, says: “We’re noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organised crime. Fraudsters and cyber criminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.
“Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victims’ ability to respond to attacks. Online criminals have reacted fast, adapting their approach to hunt out remote working security gaps and prey on the vulnerable.”
The study found that a majority, 56 per cent of US and UK banks and insurers saw an upsurge in financial losses over the last 12 months – the average cost reaching $720,000 USD and rising. IT security teams are feeling further pressure from decreased budgets and team redundancies. On average, budgets within IT security, cyber crime, fraud and risk departments have been cut by a quarter (26 per cent) and 40 per cent have had to cut back on critical IT security technology spend. More than a third (36 per cent) have had to reduce the number of people in IT security over the past 12 months.
As for consumers and the personal impact of these attacks; a fifth of consumers have been targeted at least once in the past year. More than a quarter (28 per cent) said they had been sent an email hoax relating to COVID-19, with 22 per cent also being targeted by text or SMS. Even when refunded, the average amount of money stolen by cyber criminals was $1,174 USD. For those who didn’t see their money again, the average money lost was $743 USD.
A spike in online shopping due to the pandemic has also driven cyber crime. More than a quarter (26 per cent) said they had bought something from a fraudulent site in the past 12 months and never received their goods. This has led to concerns over sharing data, with most, 84 per cent of consumers saying that they were worried about their digital identity and personal information online.
More than half (53 per cent) of those surveyed believed it is the job of the banks to protect them, compared with 40 per cent that believed it was their own responsibility. The same (53 per cent) said banks or credit card providers could provide more guidance to consumers on how to behave online to be better protected from cyber crime.
Meanwhile, the Chartered Trading Standards Institute (CTSI) reports an SMS messages scam involving supermarket delivery messages.
Katherine Hart, a Lead Officer at CTSI, said: “Scammers are sending these texts to phone numbers on the off chance that the recipient has placed an order with the particular supermarket. The COVID-19 pandemic has led to a greater reliance on home shopping deliveries making the public more open to falling for this scam than ever before. The public should be aware that these campaigns are not limited to the Asda, or Morrisons brand, and they may receive messages quoting the names of other major supermarket chains.
“If you receive suspicious texts like these, please contact the supermarket if you shop with them and verify. Also, forward any scam texts to 7726, which is a free reporting service ran by Ofcom. We must share this vital intelligence with authorities so that they can grasp the full extent of this problem.”
