A vast majority of organisations in the UK financial sector suffered cyber attacks in 2020 as a result of trying to navigate through fresh challenges posed by Brexit and the unending coronavirus pandemic, a new study has revealed.
A report from Ponemon Institute research centre and commissioned by security firm Keeper Security revealed that the failure of financial sector organisations to comfortably deal with Brexit and the coronavirus pandemic has led to “disastrous consequences” with hackers exploiting their discomfort to the hilt.
In a survey conducted by the institute, 57% of companies in the UK finance sector said the sudden switch to remote working exposed employees working in remote environments to cyber attacks. 41% of such companies fear that remote workers are putting them at real risk of suffering a major data breach.
While 70% of financial services companies suffered cyber attacks in 2020, 59% of such attacks were exacerbated as a result of hackers targeting people working in remote environments. “Understandably organisations were caught off-guard by the sudden lockdown due to COVID-19. As a result, they were not prepared for the affect it would have on their ability to respond to a cyberattack,” the report stated.
The survey revealed that an organisation has around 51 business-critical applications and around 56% of these can be accessed on the personal devices of employees without proper guidance. This leads to the exposure of sensitive information on platforms not protected by enterprise security infrastructure.
Cyber attacks that took place in the midst of the coronavirus pandemic resulted in major negative consequences for victims and around 50% of UK finance companies said they are still not equipped enough to safeguard their organisation.
“The adjustments to life as we know it due to COVID-19, and the limitations set to be imposed by Brexit, have seen businesses struggle adopt essential operational requirements to stay afloat,” said Darren Guccione, CEO and co-founder of Keeper Security.
“The UK finance industry needs to be especially cautious, given that the wealth of data it possesses is lucrative for cyber-attackers on the dark web. With the pandemic already throwing the sector into disarray, business leaders need to act fast and take their online security seriously.
“If they do not, 2021 and beyond looks bleak. Without rigorous security in place, financial institutions across the UK jeopardise their future. It only takes one cyber attack to destroy the reputation of the entire business.
“Since passwords are the most common avenue of attack for cybercriminals, investing in an advanced, encrypted solution that safeguards user credentials can be an easy, yet highly effective first step for financial institutions wanting to adequately protect themselves. The time for financial companies to take swift action and invest in cybersecurity is contracting,” he added.
Commenting on the hardships faced by organisations in the UK financial sector, Niamh Muldoon, global data protection officer at OneLogin, said malicious actors are take advantage of the smaller and more vulnerable financial organisations, exploiting weak access control measures, and utilising social engineering phishing campaigns as their main vehicle to target and exploit targeted audiences, resulting in data breaches and or ransomware attacks.
"Ransomware will remain a global cyber security threat during 2021 for these smaller financial providers and the associated risk of this threat is increasing. With the business disruption caused by COVID19, we have seen an accelerated need for digital transformation within the financial sector particularly the smaller financial industry providers.
"The fundamental security requirement for the finance industry is to understand who and what is trying to access finance technology environments and the data stored within. The cycle of lockdowns and the return-to-work regulations require organisations to put hybrid operating models in place that cater for both office and remote working, further highlighting the importance of identity and access management to support the business through this transformation," he added.