More than 90% of cyberattacks targeting financial services currently fall into the following types:
- SQL Injection Attacks: This type of attack involves adding malicious Structured Query Language (SQL) code to a web form input box to gain unauthorized access to or manipulate the database. SQL injection attacks are commonly used to steal sensitive data from financial organizations.
- File Inclusion Vulnerabilities: These vulnerabilities, such as Remote File Inclusion (RFI) and Local File Inclusion (LFI), allow for the execution of malicious code on servers. They can lead to various consequences, including Denial of Service (DoS) attacks, website defacement, and data theft.
- Cross-Site Scripting (XSS): XSS involves injecting malicious code into legitimate websites, which gets executed when visitors load the website. This can lead to data compromise and theft from financial accounts.
- OGNL Java Injection Attacks: Object-Graph Navigation Language (OGNL) is an expression language used in Apache Struts, a common development framework for Java-based web applications. OGNL injection attacks exploit vulnerabilities in OGNL to execute malicious code.
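To illustrate the SQL injection item above from the defender's side, here is an added example (not code from the original page) that runs the same form input through a string-concatenated query and a parameterized one. The table, account data and function names are constructed for illustration, and Python's built-in `sqlite3` stands in for the production database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, account_no TEXT, balance REAL)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("alice", "TEST-0001", 1200.50),
        ("bob", "TEST-0002", 87.10),
        ("carol", "TEST-0003", 15400.00),
    ])
    return db

def lookup_vulnerable(db, owner):
    # Weak: form input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the query.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # Hardened: the driver binds the input as a value; it is never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def compare(form_input):
    """Run one form value through both lookups and return the rows from each."""
    db = make_db()
    return {
        "vulnerable": lookup_vulnerable(db, form_input),
        "parameterized": lookup_parameterized(db, form_input),
    }

if __name__ == "__main__":
    # Constructed inputs: a normal owner name and a value containing SQL syntax.
    for value in ("alice", "x' OR '1'='1"):
        result = compare(value)
        print(repr(value))
        print("  concatenated  ->", len(result["vulnerable"]), "row(s)")
        print("  parameterized ->", len(result["parameterized"]), "row(s)")
```

With the second input, the concatenated query returns every account while the parameterized query returns none, which is why bound parameters are the standard mitigation.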
Hackers are also increasingly leveraging AI to steal sensitive data, manipulate legitimate AI data or algorithms, automate tasks in cyberattacks, and create new cyber-threats, such as the Emotet trojan malware.
Advanced Persistent Threats (APTs) are used as a long-term tool in cybercrime, aiming to infiltrate organizations and remain undetected for prolonged periods.
Malicious insider attacks are particularly costly for financial services firms: each attack costs an average of US$243,000 and takes an average of 55.1 days to resolve.
Protecting the financial system and customers’ personal information from cybercrime is critical for Canadian banks. The effectiveness of security measures depends on factors such as the organizational structure, board involvement, risk management practices, and investment priorities.
Investing in managed security and integration services, as well as seeking cybersecurity measures from Managed Service Providers (MSPs) like ActiveCo, can help banks ensure end-to-end secure technology implementation.




