Cyber threats faced by the financial sector

May 2016 Editor's Choice, Cyber Security

Cyber threats can be broadly categorised as either a computer network attack (CNA), aiming for the disruption, degradation or destruction of information and systems; or computer network exploitation (CNE), which focuses on accessing, stealing and exploiting information. Unfortunately, both are regularly used against the financial sector. When it comes to who is behind these attacks, they come from all corners of the web, from a lone hacktivist to a full-blown state-sponsored attack.

To get a grip on the question of what are the cyber threats faced by the financial sector, we need to explore who the potential attackers are, what they’re after and what their motives are.

Who is attacking?

MWR’s research has uncovered six different types of threat actor, each with their own methods, context and incentives, but all similar in that they are a real and very serious threat to financial institutions the world over:

Nation States – Nation states have many reasons to attack the financial sector, such as aspirations to boost their own financial centres through stolen software and data or to derail the systems of another states for political ends.

Terrorists – Terrorists are increasingly using cyber means to reach their goals – Al-Qaeda has called for e-jihad in the past while ISIS are attempting to recruit hackers through social media.

Hacktivists – Hacktivists’ political motives vary, but all use cyber attacks to express opposition to institutions and policy.

Well-placed individuals – Current or former employees with insight into systems and information, or contractors managing IT, could inflict high-impact damage.

Organised crime – A major source of financially-incentivised cyber attacks, organised crime is actively pursuing the low-risk yet high yield potential of cyber crime.

Competitors – Competitors engage in cyber operations motivated by economic advantage, either directly through in-house capability, or more often through intermediary actors such as criminal hackers for hire, or nation states supporting their industry.

How will they attack?

Cyber attacks can be highly specialised and bespoke, however, the majority of hostile actors opt simply for the most time- and cost-effective methods of compromise:

Computer network attack – The most common CNA is a distributed denial-of-service (DDoS) attack, which involves overwhelming online and Internet-connected services with large volumes of traffic, thus compromising availability. The attack stems from varied, often geographically disparate sources, usually compromised computers. This provides both a force multiplier and a veil to obscure the attacker’s identity; it could even implicate an innocent party.

Computer network exploitation – Social engineering is a common aspect of CNE, whereby sophisticated attackers use highly targeted phishing attacks as opposed to attacks where emails are sent to thousands of random users. Spear phishing is extremely effective, as specific details relating to the recipient’s work or personal life might be included, making the email far more believable. Alternatively, the attacker might use watering holes, where websites regularly visited by targeted individuals are compromised and infected with malware for the targets to unwittingly download.

Here’s a list of five key conditions that, together, will help financial organisations defend against attacks:

1. A good understanding of the motives of the attacking groups likely to target them.

2. Undertake an extensive programme to identify information assets.

3. Instigate an extensive project that identifies all the attack paths connected to these assets.

4. Justify the cost of removing these attack paths, and/or consolidating the assets to reduce the attack surface area.

5. Augment their attack monitoring and response, so that attacks can be efficiently curtailed in the early phases.

Organisations need to be aware of the various threats that face them, and accept that their part in society places them in the firing line. An up-to-date threat picture and a risk management strategy that is flexible to this dynamic risk are essential.

For more information, contact MWR South Africa, +27 (0)10 100 3159,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Top seven trends for the security industry
Hikvision South Africa Editor's Choice
Expect security systems to become even more deeply integrated and comprehensive, expanding with capabilities that are now shouldering tasks that are more intelligent, to improve efficiency in security as well as other operational functions.

AI’s take on physical security trends
Technews Publishing Editor's Choice
In Issue 1 every year, Hi-Tech Security Solutions looks at expected trends in the security industry, incorporating views from different sources. This year is no different, except we have a new contributor, ChatGPT from OpenAI.

Developing an effective CCTV control room culture
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
Organisational culture in organisations can be seen as the set of values, practices, focus, standards and behaviours, and ways of interacting with others that are accepted and subscribed to by the people who work there.

Women in Security
Technews Publishing Editor's Choice News
Hi-Tech Security Solutions together with ASIS International’s South Africa Chapter, will be focusing on women working within the South African physical security services and information technology sectors during 2023.

Enter the 2023 South African OSPA Awards
Editor's Choice News
Nominations for the 2023 South African Outstanding Security Performance Awards (OSPAs) in six categories have been extended and entries can be submitted until 18 April 2023.

Hardening physical security against cyberattacks
Genetec Editor's Choice Cyber Security IT infrastructure
As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cybercrime has risen steadily, along with tools to combat it. Geopolitical tensions have the potential to rapidly unleash devastating cyberattacks worldwide.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.