It has been reported that, according to security firm ZeroFox, there has been a 56% year-over-year increase in digital threats targeting the financial space. Researchers scanned 2.9 billion pieces of content and found more than 8.9 million security events in a 12-month period. Brand abuse and manipulation was the most common threat, with more than 250,000 events. Ninety percent of these were name impersonations, often not easily detected due to disguising tactics.
There are three main threats to highlight for financial services organisations. These include social engineering attacks, attacks that take advantage of misconfigurations, and attacks that leverage consumer information from data breaches. A major threat from data breaches is how the data is used in common attacks like credential stuffing and fraudulent account creation to undermine consumer confidence while bypassing many traditional security solutions. Attackers do not recognise borders, boundaries, or nationalities, and attacks can originate from anywhere and make use of advanced spoofing techniques to disguise their traffic as legitimate, normal traffic. In NuData’s most recent review of fraudulent threats, the US was flagged as a top risk country. However, keep in mind that attackers have become more sophisticated at spoofing geo-location data correctly and masking their true location. Many attackers are focused on conducting targeted intrusions for more effective financial gain, making financial institutions and subscription services high-value targets. Most subscription services are backed by a bank account or payment card.
To defend against attackers, organisations need to take a layered approach to user authentication and use authentication processes that make use of multiple factors, typically something you know, have, or are. Biometrics, like fingerprint or iris scans, are something that you are. So, a biometric factor can help to authenticate that you are who you say you are, if the device and authentication workflow supports a biometric factor. Another example of a biometric factor is passive biometrics, which is a versatile factor used in frictionless solutions. Advanced technologies are used to recognise patterns, such as how consumers type, how they browse, how they move their mouse, or how they interact with their device.