Aug 30, 2022
A recent study by the bug bounty platform YesWeHack in collaboration with Foundry examines the extent to which financial institutions in the DACH region have been the target of cyberattacks in recent months. The result: Almost every company is affected in some way - and attackers are increasingly relying on more complex attack scenarios.
Finance is a lucrative target for cyberattacks
Only around seven percent of the study respondents stated that they had not been the victim of a cyberattack in the last twelve months. At 76 percent, the majority of respondents recorded between one and 20 successful attacks. One in 10 financial institutions (11 percent) had to contend with 21 to 50 attacks, and about four percent had even experienced more than 50. Credential theft is reported by 51 percent of respondents - particularly through social engineering attacks such as phishing. In third place among the most frequent attack scenarios is ransomware with almost 39 percent, followed by insider threats with 38 percent and attacks on databases (for example, via brute force attacks) with 37 percent.
No other target is more lucrative for cybercriminals than banks and insurance companies. The reason is obvious: There is a lot of data and money to be had - in other words, exactly what attackers are after most. The current BKA situation report "Cybercrime" also confirms this development: Critical infrastructure, which includes banks and insurance companies, was particularly targeted by attackers last year.
What can the finance and insurance industry do to counter this growing threat?
The fact is, however, that banks are not sufficiently prepared for cyberattacks. Despite high standards, the financial sector has a massive backlog in IT security. The most frequent cause of attacks is human error: seven out of ten financial companies have become victims of cybercrime by mishandling email attachments. What is striking in comparison to other critical infrastructure sectors is that many companies in the financial sector implement neither technical nor organizational measures to protect against email-based threats.
Virtual browser as protection against attacks from the Internet
The browser is the number one gateway for ransomware and other malware. The best protection against such attacks from the Internet is a virtual browser. This allows users to surf the Internet without hackers gaining access to government or corporate networks. R&S® Browser in the Box from Rohde & Schwarz Cybersecurity, for example, closes the "Internet" security gap by enabling a "digital" quarantine for hacker attacks. At the computer level, complete isolation takes place so that malware is kept away from the rest of the user's PC. In addition, at the network level, access to the Internet is separated from the internal corporate network (intranet), so that the intranet is completely separated from the Internet. This mechanism also protects against attacks via e-mail attachments or during web conferences with microphone use and webcam support.
In addition, further protective measures should be taken - for example, encryption of the end devices, a highly secure VPN connection and securing the home WLAN.
Press & media contact
Uwe Greunke
Responsible for Marketing, Division Networks & Cybersecurity
uwe.greunke@rohde-schwarz.com
Rohde & Schwarz
Rohde & Schwarz is striving for a safer and connected world with its Test & Measurement, Technology Systems and Networks & Cybersecurity Divisions. For over 90 years, the global technology group has pushed technical boundaries with developments in cutting-edge technologies. The company's leading-edge products and solutions empower industrial, regulatory and government customers to attain technological and digital sovereignty. The privately owned, Munich based company can act independently, long-term and sustainably. Rohde & Schwarz generated net revenue of EUR 2.93 billion in the 2023/2024 fiscal year (July to June). On June 30, 2024, Rohde & Schwarz had more than 14,400 employees worldwide.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Networks & Cybersecurity
With its subsidiaries LANCOM Systems, Rohde & Schwarz Cybersecurity, and Rohde & Schwarz SIT, the group has bundled its expertise in one division. This is the know-how needed to become the largest provider of network and cybersecurity technology for companies, public authorities, and organizations in Europe.