Stormy Weather: Cybersecurity in the Pandemic

‍
The COVID-19 pandemic has brought many cybersecurity challenges that may persist as economies open up. The latest challenges have accelerated trends towards increased sophistication of cyberattacks as well as the increased need for better cybersecurity. According to Cybersecurity Ventures, $128 billion in annual cybersecurity spending seeks to mitigate the $6 trillion+ in cyber-related losses expected. Since the pandemic hit, we have seen a dramatic upswing in identity spoofing, phishing, trojan attacks, and other security breaches. Some of the factors that made these possible could continue even as shelter-in-place and social distancing restrictions are beginning to ease. 

What are the implications for financial services companies? What are the implications for FinTech entrepreneurs and investors hunting the next unicorn opportunity? In this first installment of our multi-part series, we’ll look at the cyberwar currently underway in the global financial system.

‍

The Rising Tide of Cyber Insecurity

‍

Let’s first examine three primary causal mechanisms of vulnerability that are being exploited in the recent spate of cyberattacks:

‍

Remote Work Environments: CISOs in financial services have created robust security infrastructures within their corporate networks. While they have to navigate the not-always-straight line between usability and security with varying levels of usefulness for the end-user, major financial infrastructure employs an array of systems in the office setting to protect against the infiltration of corporate networks. Unfortunately, the COVID-19 crisis has upended this carefully architected infrastructure.

‍

In the current situation, many more people are working from home. Perhaps they are using their personal machines or work devices, but they are typically interfacing over home Wi-Fi networks. They may or may not have installed mobile VPNs on their smartphones and tablets. In addition, they very likely have not secured the array of Internet of Things (IoT) home appliances they have pervading their houses and apartments, a grid of potential points of network infiltration that historically have had weak security. Not to mention the numerous internet-enabled listening devices ranging from smart TVs to so-called smart speakers (such as Amazon Echo and Google Home), representing a new frontier of cyber vulnerability as potential targeted attacks could listen in on executives speaking out loud on video calls or phone calls. 

‍

New environments and new work behaviors call for new protective systems and approaches to improving worker cyber literacy.

‍

Vulnerable Workforces: Human error or action is typically responsible for more than 60% of cyber breaches. The COVID-19 crisis has seen cybercriminals gleefully exploiting this attack vector with new and rapidly evolving techniques and systems. With regular work patterns and systems disrupted and people unsettled by the daily headlines related to the pandemic and, more recently, civil unrest, the cognitive burden on the average person is high. Cybercriminals have noticed: phishing attacks are up 600%, according to Barracuda Networks. Social engineering and associated malware assume new and maliciously targeted forms, ranging from defrauding the Norwegian State Fund of $10 million of grant money to hacking the World Health Organization with a ransomware attack. Business email compromise and account takeovers are fueled by a sophisticated ability to mimic persuasive language and formats while engaging with distracted and off-balance recipients. About 33% more ransomware payments were made in 1Q 2020, according to Coveware. As more systems are compromised, we expect to see this number increase in 2Q. More investment is needed both in systems and in training.

‍

E-Commerce: Card-not-present (CNP) transactions are more vulnerable to identity theft and spoofing than card swipes or EMV near-field payments. According to Javelin Research, CNP is a favored vector for criminals, with the chance of fraud being 81% more likely than point-of-sale machines. E-commerce transactions have gone up more than 200% over the same period last year thanks to the pandemic, and so has CNP fraud. Arkose Labs claims 26.5% of all transactions in the first three months of 2020 were fraudulent, a double-digit percentage increase. Card issuer Elan attributes 80% of all banking credit card losses to identity theft, and identity verification becomes more challenging in a CNP environment. In addition, card fraud is getting increasingly automated, with artificial intelligence systems replacing human-staffed cybercrime centers. This means increased losses related to e-commerce payment fraud and an urgent need for increased vigilance and improved systems.

‍

The Virtual Future

‍

So our march towards digital transformation in financial services has turned into a sprint. 

‍

What if the changes to the work environment aren’t temporary? Payments giant Square announced that its team could work from home indefinitely. Other tech giants have announced flexibility through year-end, as have many academic institutions. So what pressures might start to arise on major banks from their best and brightest employees, faced with the option of a two-hour commute to the office with physical proximity to large numbers of possibly infectious people, or a work-from-home option? The war for talent is about to open a new front, and both medical safety and convenience might encourage a longer-term shift to a more distributed workforce. And with it comes a need to rethink the security architectures of companies fundamentally.

‍

In turn, incumbent financial giants, in the throes of digital transformation and cost rationalization, must notice the savings they could generate from reducing their physical footprints by downsizing office space and closing bank branches. So what does cyberinfrastructure look like in this distributed environment?

‍

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.