Specifics of information security for the banking industry

[rakhirhif8963]

Main cyber threats to the financial industry
Banks face a wide range of cyber attacks aimed at disrupting their operations, stealing confidential data and funds. In 2024, “carpet” attacks began, when all banking services are hit at once.

One of the most serious and growing threats is distributed denial of service (DDoS) attacks, in which attackers overload a company's systems with a huge number of requests, taking critical services out of service. In the new reality, financial companies regularly face powerful attacks of up to 300 thousand requests per second, which is 60 times higher than the usual load on banking applications.

According to Servicepipe , the average duration of cyberattacks on financial institutions has increased sixfold since February 2022. The maximum volume of application attacks has increased more than tenfold, and an attack on a mobile application with an intensity of 20 million requests per second was repelled for the first time.

At the same time, more than a quarter of financial bulgaria mobile database traffic is automated requests from malicious bots , and analysts predict that malicious bot traffic will soon exceed human traffic . Bots hack and take over accounts, steal confidential user data, and then, for example, steal even more accounts using credential stuffing on other sites and services. In 2023, credential stuffing was used 30% more often than in previous periods, and cybercriminals are unlikely to slow down.

Targeted attacks using social engineering techniques such as phishing also pose a serious threat to banks, as they aim to deceive employees and customers in order to gain unauthorized access to systems and data.

The financial segment has a number of distinctive features and specific requirements for infrastructure in terms of information security:

Increased requirements for the protection of personal data
Banks work with confidential and sensitive financial information for clients, such as payment data, account data and investment portfolios. A leak or unauthorized access to it can cause serious damage to both the bank and its clients. Fines from many regulators are inevitable, and belonging to critical infrastructure entities increases responsibility and obliges banks to report every cyber incident not only to GosSOPKA, but also to FINTSERT. Criminal liability of management is likely for major leaks.