Cyber threats faced by the financial sector

May 2016 Editor's Choice, Cyber Security

Cyber threats can be broadly categorised as either a computer network attack (CNA), aiming for the disruption, degradation or destruction of information and systems; or computer network exploitation (CNE), which focuses on accessing, stealing and exploiting information. Unfortunately, both are regularly used against the financial sector. When it comes to who is behind these attacks, they come from all corners of the web, from a lone hacktivist to a full-blown state-sponsored attack.

To get a grip on the question of what are the cyber threats faced by the financial sector, we need to explore who the potential attackers are, what they’re after and what their motives are.

Who is attacking?

MWR’s research has uncovered six different types of threat actor, each with their own methods, context and incentives, but all similar in that they are a real and very serious threat to financial institutions the world over:

Nation States – Nation states have many reasons to attack the financial sector, such as aspirations to boost their own financial centres through stolen software and data or to derail the systems of another states for political ends.

Terrorists – Terrorists are increasingly using cyber means to reach their goals – Al-Qaeda has called for e-jihad in the past while ISIS are attempting to recruit hackers through social media.

Hacktivists – Hacktivists’ political motives vary, but all use cyber attacks to express opposition to institutions and policy.

Well-placed individuals – Current or former employees with insight into systems and information, or contractors managing IT, could inflict high-impact damage.

Organised crime – A major source of financially-incentivised cyber attacks, organised crime is actively pursuing the low-risk yet high yield potential of cyber crime.

Competitors – Competitors engage in cyber operations motivated by economic advantage, either directly through in-house capability, or more often through intermediary actors such as criminal hackers for hire, or nation states supporting their industry.

How will they attack?

Cyber attacks can be highly specialised and bespoke, however, the majority of hostile actors opt simply for the most time- and cost-effective methods of compromise:

Computer network attack – The most common CNA is a distributed denial-of-service (DDoS) attack, which involves overwhelming online and Internet-connected services with large volumes of traffic, thus compromising availability. The attack stems from varied, often geographically disparate sources, usually compromised computers. This provides both a force multiplier and a veil to obscure the attacker’s identity; it could even implicate an innocent party.

Computer network exploitation – Social engineering is a common aspect of CNE, whereby sophisticated attackers use highly targeted phishing attacks as opposed to attacks where emails are sent to thousands of random users. Spear phishing is extremely effective, as specific details relating to the recipient’s work or personal life might be included, making the email far more believable. Alternatively, the attacker might use watering holes, where websites regularly visited by targeted individuals are compromised and infected with malware for the targets to unwittingly download.

Here’s a list of five key conditions that, together, will help financial organisations defend against attacks:

1. A good understanding of the motives of the attacking groups likely to target them.

2. Undertake an extensive programme to identify information assets.

3. Instigate an extensive project that identifies all the attack paths connected to these assets.

4. Justify the cost of removing these attack paths, and/or consolidating the assets to reduce the attack surface area.

5. Augment their attack monitoring and response, so that attacks can be efficiently curtailed in the early phases.

Organisations need to be aware of the various threats that face them, and accept that their part in society places them in the firing line. An up-to-date threat picture and a risk management strategy that is flexible to this dynamic risk are essential.

For more information, contact MWR South Africa, +27 (0)10 100 3159,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

A platform approach to innovation and value
CCTV Handbook 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
Moving to the platform model of doing business holds tremendous advantages for end users and smaller developers, but also for the whole technology supply chain.

Open does not always mean easy integration
CCTV Handbook 2019, VERACITECH, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Customers who opt for best-of-breed solutions will have to rely on their integrators to develop customised integrated solutions for them.

The impact of AI on the surveillance industry
CCTV Handbook 2019, G4S South Africa, Hikvision South Africa, Myertal Tactical Security, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring
What the impact of AI will be on companies, the services and solutions they supply, as well as on the jobs people do.

Video analytics and AI
CCTV Handbook 2019, Axis Communications SA, Dallmeier Electronic Southern Africa , Hikvision South Africa, Technews Publishing, Dahua Technology South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Artificial intelligence has the potential to deliver real benefits in the world of video analytics and many companies are already delivering customer benefits.

Cloudy with a chance of AI
CCTV Handbook 2019 , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
One local company has developed an AI solution that can be added to existing surveillance installations, offering 24-hour intelligence.

Security surveillance architecture
CCTV Handbook 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring
IP video surveillance solutions typically have two distinctive surveillance architectures: centralised and distributed. Dean Coleman explains the difference.

Selecting the right surveillance storage
CCTV Handbook 2019, Capsule Technologies, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure
Storage is an integral part of a surveillance installation and the solution chosen can make or break the success of your project.

Cyber-securing your surveillance infrastructure
CCTV Handbook 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Speak up with audio
CCTV Handbook 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are traditionally used as forensic tools, but what if you can use your surveillance system to proactively deter incidents before they happen?