Due to the sensitive personal and financial information they manage, financial services firms are frequently targeted by adversaries. The potential for financial gain, data theft, and damage to reputation makes data security a paramount concern in the sector. So says a report on the most significant cybersecurity risks that financial services firms encounter, by the cyber firm Netskope Threat Labs.
Users uploading regulated data to personal cloud apps is a data security risk in financial services, the study suggests: it found that some 13 per cent of the user population is regularly uploading data to personal apps, and most businesses in the sector, 83 per cent, are putting controls in place to prevent such uploads. A growing data security risk in financial services is users sending regulated data, intellectual property, and source code to genAI apps; nearly all companies, 95pc, are using these apps and setting controls to reduce the risks.
Personal apps
Personal apps in the sector pose a risk, the study shows, as nearly all financial services workers, 92pc, regularly use personal apps, and 13pc regularly upload sensitive data to these apps. Most personal app data policy violations, 74pc, involve uploads of regulated personal and financial data.
As for social engineering, phishing and malware continue to be significant risks; some 4.7 out of every 1,000 users are clicking phishing links and 9.8 out of every 1,000 users are clicking other malicious links, each month. The study found that the code-sharing platform GitHub was the most popular cloud application for delivering malware. Nearly half of the tracked phishing attacks mimicked cloud apps and banking institutions. Microsoft was the most commonly mimicked brand among cloud phishing attacks, while DocuSign and Adobe baits were also frequently used to steal login credentials.
Comment
Ray Canzanese, Director of Threat Labs at Netskope, said: “The sensitive personal and financial information that organizations in the financial services industry manage makes them a prime target for adversaries, who rely heavily on social engineering to gain a foothold into their target organizations. Phishing and malware have become very prevalent, with nearly 1.5 per cent of users encountering a phishing page or malware download every month. This high rate of attacks underscores the importance of robust anti-phishing and anti-malware strategies within the industry.
“Personal app and generative AI risks are top of mind for financial services organizations seeking to protect the sensitive personal and financial information they manage. As genAI adoption continues to increase, organizations are still playing catch-up, implementing new controls like data loss prevention (DLP) and real-time user coaching to reduce risks.”




