As banks were predominately where the money was, in our digital age, the modern criminal can steal vast quantities of money armed with little more than a laptop and an internet connection. The cybertheft market is now believed to be worth in excess of a trillion dollars globally.
These types of crimes are safer, more lucrative, and thanks to the challenges with attribution, apprehension and prosecution of computer-based crimes, a criminal’s odds of getting caught and spending time in jail are orders of magnitude less. This evolution in financial crime was underlined by a recent report from BAE Systems and Swift. It is an approach that has been mastered by the BeagleBoyz crime group. These attacks are highly coordinated to overcome the inherent limitations on the amount of cash each individual machine can dispense. Indeed, the report highlights a recent attack that was conducted in 28 countries across just two hours, with a total of 12,000 withdrawals made in that timeframe.
As more of our payments are made digitally, these payment systems are also a highly lucrative target for attack. Phishing attacks have also been on the rise in recent years. There has also been a surge in so-called executive whaling in recent years. The COVID crisis has also seen an increasing willingness to target insiders to gain access to critical value information. All of which should be of considerable concern for financial services companies. This is especially given the significant growth in digital-only banking in recent years. Cyber threats have become one of the most pressing concerns across the financial services sector globally. There is a need not only for cyber resilience at the firm level but also at the sector level.
Despite this, there remains a consensus that spending on cybersecurity is insufficient. Cyber criminals, who are becoming more specialised and professional, are devoting considerable resources to breaking into your organisation. Hence it is vital that similar rigour is applied to keeping them out, detecting them as quickly as possible when your prevention strategies fail and recovering from successful attacks. Positively, the need to act is clearly recognised across the industry, so now the key is to ensure that concern translates into meaningful actions.