How to Prevent Finance Breaches: New Insights from Verizon’s 2020 DBIR

By Rajesh Gopinath

June 3, 2020

Finance organizations remain prime targets for cybercrime, as confirmed by Verizon’s just-released 2020 Data Breach Investigations Report.

In their report, Verizon compiles recent breach data from over 80 different contributing organizations. At Paladion, we are proud to be one of those contributing organizations for yet another year. Further, we have found that Verizon’s analysis of the current breach landscape aligns with our own experiences monitoring and defending organizations in the Finance space.  

Read on, and learn about what has changed in the Finance breach landscape over the last year, what specific threats are currently targeting organizations in this sector, and what you can do to defend yourself over the coming year - to prevent your organization from becoming another data point in Verizon’s survey.


Finance: The Second-Most Breached Industry in 2020

In the past year, the Finance industry saw 1,509 security incidents, with 448 of those incidents resulting in confirmed data breaches. Among all sectors, Finance organizations suffered the second-highest volume of confirmed data breaches, right behind Healthcare organizations (who suffered 521 confirmed data breaches).

Most of these data breaches are of unknown size. Verizon found that 32 of the data breaches were small, and 28 were large, but they were unable to determine the size of the remaining 388 data breaches.

These findings suggest that Finance organizations may lack the visibility required to thoroughly investigate their data breaches, which can lead to even greater issues. If Finance organizations cannot determine the spread of the data breaches they suffer, then it is likely they are suffering more damage than they think, and have not fully remediated the entire scope of the successful attacks they have suffered.  

Given the volume of successful breaches that Finance organizations suffer, and the wide range of attacks thrown at them, they must consider developing greater visibility into their breaches over the coming year.

The Threat Landscape for Finance Organizations

Verizon’s data indicate that Finance organizations must protect themselves from a wide range of threats that are clustered into two primary categories: Web Application attacks and Miscellaneous Errors. These two categories of attacks accounted for 81% of all data breaches that Finance organizations suffered over the prior year.

The Miscellaneous Errors that resulted in breaches were primarily:

  • Misdelivery
  • Misconfiguration
  • “Other”
  • Publishing Error
  • Programming Error
  • Disposal Error

Verizon correctly states that it is disturbing to realize that these errors - caused primarily by carelessness and failure to follow good security practices by non-malicious internal employees - created approximately as many data breaches over the last year as attacks launched intentionally by malicious actors.

The remainder of the Finance sector’s breaches in 2020 were caused by Privilege Misuse, Crimeware, Payment Card Skimming, Lost and Stolen Assets, Cyber Espionage, Denial of Service, and Point of Sale attacks.

Finance organizations also experienced a large volume of attacks that the report classifies as “Everything Else.” These attacks did not provide enough data to lump them into any other category and include “average, yet successful” attacks such as phishing attacks and business email compromise (which the report notes are increasing in popularity among malicious actors), as well as an increasing number of social engineering attacks (which primarily arrive via emails posing as a message from senior executives).

While the cause of data breaches was a near-even split between external and internal actors, most incidents (whether they led to a data breach or not) were initiated by external actors. External actors accounted for 64% of all security incidents over the prior year, while internal actors only accounted for 35%. In some good news, members of the Finance industry’s Partner network only accounted for 2% of incidents.


Why Finance is Such a Targeted Vertical

91% of the actors who initiated threats against Finance organizations had financial motivations. Only 3% of actors had espionage-related motivations, and an additional 3% were acting off a Grudge. 

To achieve their financial aims, these actors targeted personal information in 77% of their attacks. 35% of these actors sought Credentials, and 32% were seeking Bank information, specifically. It is interesting to note that - given these percentages - malicious actors are seeking multiple types of data to achieve their aims. Malicious actors appear to have learned that Finance organizations can be successfully targeted from multiple vectors and that there are many ways to achieve the financial aims behind their attacks.

Given all of these findings, it is clear that Finance organizations must reconsider their security posture, and determine if they need to start leveraging multiple new approaches to protecting their valuable data - and the financial accounts that they must safeguard.

How Finance Organizations Can Protect Themselves

Verizon’s report offers a few suggestions that Finance organizations can follow to improve their defenses: they can implement security awareness and training programs, better protect their boundaries, and establish more secure configurations.

We do agree with these suggestions; however, we would extend a more detailed recommendation that goes further than Verizon’s. It is clear that Finance organizations must also consider implementing:

  • Managed Detection and Response to provide an overall layer of 24/7 defense across their entire organization, given the wide range of attack vectors suffered.

  • User Behavior Monitoring, given that so many of their successful data breaches were caused by internal user error.

  • Configuration Control and Monitoring, given that they appear to have challenges internally creating the secure configurations that Verizon recommends.

For Finance organizations that take these results seriously, we further recommend a complete layer of Managed Detection and Response over their entire environment, to provide comprehensive end-to-end protection.

If you are interested in learning how to bring these defenses to your Finance organization, reach out to Paladion today.
