The report found that the rapid digitization of the financial services sector has led to a rise in global cyber threats in 2021, specifically the acceleration of high-profile cyber-attacks targeting third-party suppliers and critical zero-day vulnerabilities. This led FS-ISAC to increase its Regional Cyber Threat Levels an unprecedented three times in 2021.
FS-ISAC expects the trifecta of third-party risk, the growth in zero-day vulnerabilities as an attack vector, and the ability of ransomware groups to adapt despite increased scrutiny by law enforcement to complicate an already challenging cyber threat environment.
“As the threat landscape evolves fast, cross-border intelligence sharing is critical to help defend financial institutions against cyber threats,” said Steven Silberstein, CEO of FS-ISAC.
“FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise, and capabilities to better manage cyber risks that the financial industry faces on a daily basis.”
FS-ISAC’s report top threats for finance industry in 2022
The report outlined top threats to the industry in 2022 and beyond, including:
- Third-Party Attacks: Several high-profile third-party incidents have impacted the security and availability of products used by many firms, resulting in significant resources expended.
- Zero-Day Vulnerability Exploits: Zero-day exploits are growing due to the diversification of the kill chain. Criminals specialize in different stages of cybercrime, making it easy to simply buy or sell access to vulnerabilities without needing to know how to find them.
- Ransomware: Ransomware groups operating in safe-haven states shut down temporarily to avoid international law enforcement, only to open months later under new names.
Financial firms reported increased phishing and email compromise, which is the entry point for most attacks, and persistence of notorious malware strains often used to drop ransomware.
“The macro level cyber landscape translates into increased cyber threat activity on a daily basis, as cyber criminals are endlessly inventive in how they gain access and leverage to extort victims,” said Teresa Walsh, Global Head of Intelligence at FS-ISAC.
“Phishing is one of the most popular tactics threat actors use to access networks. 24% of FS-ISAC member-reported incidents are phishing campaigns targeting employees.”
FS-ISAC’s Navigating Cyber 2022 report methodology
The Navigating Cyber 2022 report is sourced from FS-ISAC’s member financial firms in more than 65 countries and further augmented by analysis by the global intelligence office.
Multiple streams of intelligence were leveraged for the curation of the round-up, which examined data from January 2021 to January 2022. The publicly accessible version of the report can be found here. The full report is only available to member financial institutions.