An Evolving Beast: Cybercrime in financial services

August 14, 2019

2 min read

Sign up to our mailing list! 👇

What's going on here?

With the number of large-scale and successful cyber attacks in the finance sector increasing rapidly in recent years, stringent cybersecurity services are in high demand.

What does this mean?

As technology continues to advance, so does the sophistication of cybercrime. While some cybercriminals seek financial gain, in many cases they solely seek to cause disruption and ruin reputations. It is, therefore, no surprise that the financial services are a prime target for cyber-attack, given that they possess substantial amounts of sensitive data and manage large cash balances. The International Monetary Fund (IMF) reports that an outstanding 25% of cyber-attacks affect banks and other financial industries, which is far more than any other sector. 

Just earlier this year in March, a data breach at Capital One, affecting over 100 million customers, was discovered. Since Capital One’s cybersecurity nightmare, its shares have slid nearly 6%. The alleged hacker is Paige Thompson, a computer systems engineer who previously worked at Amazon Web Services, the cloud computing system where the Capital One data was stored. Companies with extensive IT footprints like Capital One are struggling to ensure both security and inventory management as they move to the cloud. Although ideally, a company like Capital One should be fully aware of every piece of data stored on its cloud systems, the scale of data they manage means that this is currently impossible.

What's the big picture effect?

Firms specialising in cybersecurity services have been quick to take advantage of heightened demand for IT security programs. Companies such as Fire Eye, Symantec, Ocorian, and Callsign all advertise artificial intelligence services that help identify unusual behaviour in IT systems. It is thus no wonder that cybersecurity has become a $655 billion industry. 

While the financial services are the most targeted industry for cybercrime, law firms are also increasingly investing in cybersecurity programs, as clients demand more secure data practices. The leak of 11.5 million records from the Panama-based law firm, Mossack Fonesca in the so-called “Panama Papers leak” is but one major example of how cyber-attackers are targeting law firms. Attackers who target law firms tend to access, steal and potentially leak their clients’ secrets.

However, according to Logic Force’s “Law Firm Cybersecurity Scorecard”, law firms are well behind the financial services when it comes to cybersecurity management. Logic Force claims that less than half of law firms are implementing some of the top-weighted cybersecurity protocols. These protocols include multi-factor authentication, third party risk assessment, and security operations monitoring.

Law and financial industries can double down on their due diligence in hiring employees to protect against insider cyber threats. However, this does not change the uncomfortable truth: as it stands, cybersecurity solutions only remain current and effective for a matter of weeks or months before attackers find a way to breach the security systems. Even with rapid advancement in the cybersecurity sector, it is currently almost impossible to stop a determined hacker with inside knowledge of a firm’s systems.

Report written by Lina Jeffcock

If you’d like to write for LittleLaw, click here!

Share this now!