Financial Services is Having a Bad Year for Data Breaches—Lessons for Cyber Resiliency

Cyberattacks surged in 2023 with Financial Services being the second most targeted sector. See what lessons can be gleaned from these attacks to help build a more resilient future.

Cyberattacks surged in 2023. While this is bad news for everyone, certain sectors were hit harder than others. Financial Services—which includes banks, lenders, and insurance companies—ranked as the second highest sector for cyberattacks in the first half of 2023, surpassed only by Healthcare. During this period, Financial Services entities suffered 241 attacks, which is nearly double what they experienced during the same period of 2022. Unfortunately, the consequences of these attacks involve more than just a loss of customer trust. On average, Financial Services firms lose $5.9 million per data breach—that’s 28% higher than the global average. 

As the industry stands to lose much more in the face of ongoing cyber threats if action is not taken, our cybersecurity experts, led by Mike Sanchez, our CISO & SVP Cybersecurity Solutions, have pulled together their observations from some of the more serious data breaches of the last year. Learning from these incidents—their causes, impact, and implications—shows how Financial Services firms can refine their practices for an increasingly sophisticated threat landscape and avoid falling victim to the same attack vectors.

2023’s biggest data breaches in Financial Services (with lessons learned)

1. Stolen user credentials impact records of millions.

In March 2023, Latitude Financial, a loan and financial services firm, initially reported a breach affecting 328,000 individuals. Once the investigation was complete, that number was revised dramatically: the personal information of roughly 14 million individuals had been compromised, with records dating back to 2005. The cause? Stolen employee credentials.

How to avoid compromising user credentials. 

Keeping credentials out of attackers' hands comes down to a handful of basics. Here are some simple measures to keep login credentials safe and secret:

  • Require an immediate password reset for any account whose credentials turn up in a breach dump or show signs of compromise. Routine forced rotation every 3-6 months is no longer recommended by NIST SP 800-63B: it pushes users toward predictable variations, and the effort is better spent on length, breach-list screening, and MFA.
  • Enable multi-factor authentication (MFA) or two-factor authentication (2FA) for every login if it is not already in use (it should be), preferring authenticator apps or hardware security keys over SMS codes.
  • Institute a strict no-password-sharing policy.
  • Educate users on password hygiene: unique passwords for different accounts, a password manager to make that practical, and never reusing personal credentials for company accounts.
  • Routinely check for compromises: know whether any company email addresses and/or passwords have appeared in a data breach, and screen new passwords against known-breached lists at the time they are set.
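As an added illustration of the last two points (example code, not from the original article or from UDT), the check below screens a password against a breached-password corpus using the k-anonymity range protocol of the Have I Been Pwned "Pwned Passwords" API: only the first five hex characters of the password's SHA-1 hash leave the machine, the server returns every hash suffix in that range, and the match is made locally, so neither the password nor its full hash is ever sent. The sample range response and its counts are constructed for this example; the live fetcher is included for real use but is not exercised here.

```python
import hashlib
import urllib.request
from typing import Callable, Dict

# Constructed sample of a range response for prefix 5BAA6, which is the prefix
# of SHA-1("password"). Real responses have one "<35-hex-suffix>:<count>" line
# per breached hash in that range; the counts below are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E33E2B6B5B78AB0C6BAA8B9F0E0F1C0D45:2
00000000000000000000000000000000ABC:1
"""


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range API is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into a dict keyed by uppercase suffix."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the breach corpus (0 = never seen).

    fetch_range(prefix) must return the response body for a 5-char hash prefix.
    Only that prefix is handed to it; the suffix comparison happens here.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for the network call, serving the constructed sample above."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def hibp_fetch_range(prefix: str) -> str:
    """Live query of the Pwned Passwords range endpoint (needs network access).

    The endpoint and the required User-Agent header are as documented by
    Have I Been Pwned; the header value itself is arbitrary.
    """
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "credential-hygiene-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 2023!"):
        n = pwned_count(candidate, offline_fetch_range)
        verdict = f"seen {n} times in breaches, reject" if n else "not in sample corpus"
        print(f"{candidate!r}: {verdict}")
```

The same function can be dropped into a password-change handler (reject any candidate with a non-zero count) or run over a list of corporate addresses' leaked hashes during a breach-exposure review; swapping `offline_fetch_range` for `hibp_fetch_range` is the only change needed to go live.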

2. Software vulnerability leads to SEC investigation.

Next, we look at two data breaches, both caused by the MOVEit vulnerability. You have likely heard of it: it led to a string of massive data breaches and is now the subject of a Securities and Exchange Commission (SEC) investigation. The “MOVEit vulnerability,” as it is commonly called, is a SQL injection (SQLi) flaw in Progress Software’s MOVEit Transfer managed file transfer product, exploited as a zero-day before a patch was available.
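To make the vulnerability class concrete, here is an added example of a SQL injection in a user lookup beside its parameterized fix, run against a constructed in-memory SQLite table. It is not the MOVEit flaw itself (the article does not go into its internals) and is not code from Progress Software or from this article; the table, rows, and payload are made up for the demonstration.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def build_sample_db() -> sqlite3.Connection:
    """In-memory table standing in for an application's user store (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, session_token TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "tok-alice-1"), ("bob", "tok-bob-2"), ("svc-transfer", "tok-svc-3")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """VULNERABLE: untrusted input is pasted into the SQL text.

    A quote character in `username` terminates the string literal, and whatever
    follows is parsed as SQL, so the caller's input rewrites the WHERE clause.
    """
    sql = f"SELECT username, session_token FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Row]:
    """HARDENED: the value travels separately from the SQL text.

    The driver binds it as data, so quotes or keywords in it can never become
    query syntax; the same hostile string simply matches no row.
    """
    sql = "SELECT username, session_token FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a benign and a hostile username and return the rows each sees."""
    conn = build_sample_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # classic tautology payload: makes the WHERE clause always true
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # leaks every user's token
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_hostile": lookup_parameterized(conn, hostile),  # no rows: payload is just a string
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13s} -> {len(rows)} row(s): {rows}")
```

The fix is the same in every language and driver: never build SQL by string formatting from anything a client can influence; use bound parameters (or a query builder/ORM that does so underneath), and keep the database account the application uses restricted to the tables and operations it actually needs so that an injection that does slip through has less to reach.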

On May 31, 2023, Genworth Financial disclosed that it had suffered a large data breach through a third-party vendor’s use of the popular MOVEit file transfer program, which attackers successfully exploited. The investigation found that the personal information of more than 2.5 million customers, policyholders, and employees of Genworth Financial and its affiliated insurance companies had been compromised in the attack.

On August 9, 2023, the US division of Ernst & Young announced that it, too, had been infiltrated through the MOVEit vulnerability. The stolen data belonged to Bank of America (BoA) and affected more than 30,000 BoA customers; it included full names, addresses, credit card numbers, Social Security numbers, driver’s license numbers, and more.

How to mitigate risks related to the MOVEit vulnerability. 

Avoiding the effects of the MOVEit vulnerability is more complicated, because the flaw sits in third-party software rather than in systems you control. CISA recommends the following actions to protect your organization:

  • Find out whether any vendors or third-party affiliates use MOVEit Transfer or MOVEit Cloud, confirm that they have applied the vendor’s patches, and establish what data of yours passed through those systems.
  • Take an inventory of your assets and data, identifying authorized and unauthorized devices and software.
  • Grant only the admin privileges and access that are actually necessary.
  • Establish a software allow list so that only legitimate, approved applications can execute.
  • Monitor network ports, protocols, and services.
  • Enable the security configurations on network infrastructure devices such as firewalls and routers.
  • Stay up to date on all patches and updates to software and applications, and conduct regular vulnerability assessments.

To fix the problem at the source, visit Progress Software’s website for the latest information on the specific MOVEit Transfer and MOVEit Cloud vulnerabilities; it carries the patches, fixes, and advisories for each affected version.

3. SIM-swap attack bypasses two-factor authentication.

In late August 2023, Kroll, a financial firm handling bankruptcy claims for insolvent crypto firms such as BlockFi, FTX, and Genesis, revealed that it had been breached via a SIM-swap attack. Also known as “SIM splitting,” “simjacking,” or “SIM hijacking,” this is a technique in which a criminal socially engineers a mobile carrier into moving the victim’s phone number onto a SIM the attacker controls. From then on, SMS-based two-factor authentication codes and password-reset texts arrive on the attacker’s device, which is how the second factor gets bypassed. In Kroll’s case, a bad actor SIM-swapped a Kroll employee’s T-Mobile account, then used it to steal data from the company (fortunately, it appears to have affected only a limited number of people’s non-sensitive data).

How to prevent a SIM swap attack. 

Since SIM-swap attacks are still relatively uncommon, most people are not yet familiar with them. So first, here are the warning signs that might indicate someone has fallen victim to one:

  • Unusual or unexpected calls or texts about changes to mobile or cell services (don’t ignore these and contact the carrier immediately if you receive one). 
  • Suddenly finding yourself locked out of your phone and/or certain apps (especially banking or social media).
  • Your phone inexplicably stops working and you are suddenly unable to make or receive calls or texts (even when you seem to have plenty of signal bars). 
  • Receiving service notifications for actions you did not take (such as logins from new devices, password changes, etc.). 

Now that you know what a SIM swap looks like, let’s look at some methods you can put into action to help you avoid being the victim of this type of attack: 

  • Keep your phone (and SIM card) close to you. Don’t leave your mobile device unattended in public areas. Treat it the way you would treat your baggage at the airport: this will limit the possibility that someone may take or swap your physical SIM card. 
  • Use strong passwords. Don’t use common passwords (such as “password123”), default passwords (“admin123”), or those that contain information someone could learn about you online (birthdays, children’s names, pet names, favorite sports teams, etc.). 
  • Use security questions carefully. Choose questions only you can answer, avoid any whose answers could be found online, and consider treating the answers as secondary passwords: random strings kept in a password manager rather than true facts.
  • Use MFA/2FA, and prefer the right kind. Most websites and apps offer some form of multifactor authentication (MFA) or two-factor authentication (2FA); turn it on wherever it is available. Where there is a choice, use an authenticator app or a hardware security key rather than SMS codes, because SMS is exactly the factor a SIM swap captures.
  • Enable biometric security features. Face recognition and fingerprint unlock protect the device itself far better than a PIN or password, so always enable them when available. Keep in mind that they do not stop a port-out at the carrier; treat them as one layer, not the whole defense.
  • Lock your phone number. If your carrier offers a Port Freeze, Number Lock, or similar option that protects your mobile number from unauthorized transfer, use it. With the lock in place, the number cannot be ported to another line or carrier until the lock is removed with your PIN or by visiting a brick-and-mortar store in person.
  • Never reply to calls, emails, or text messages that request personal information. It could be threat actors who are trying to acquire information from you that might allow them to access your mobile devices or accounts (such as financial accounts or social media).  
  • Don’t overshare on social media. They may be fun, but social media sites are also a treasure trove of personal information. Be sure to never publicly post sensitive or personal information such as your full name, address, phone number, and date of birth. Also avoid sharing too many details about your life such as your routine/schedule, favorite sports teams, pet names, children’s names, etc. Many of these can be used as answers to security questions.

Cybersecurity starts with vigilance—and having the right partner goes a long way. 

With the Financial Services sector seemingly under siege by cybercriminals, it is easy to become a little paranoid. Healthy skepticism and vigilance are enough to stay safe: think before you click, use every security feature available, and protect your mobile devices and personal information so they cannot be used against you or your organization by bad actors online.

Of course, having a robust cybersecurity and risk management strategy is critical to not only identifying and addressing vulnerabilities early, but also having the right resources, response team, and plan in place to take immediate action if a breach is discovered. UDT has been on the front lines of cybersecurity since 1995, and we are uniquely positioned to help Financial Services organizations safeguard their valuable data and infrastructure. 

UDT offers tailored cybersecurity solutions to help you proactively monitor your organization’s risk and prioritize strategic security updates in the areas with the most impact—without compromising on convenience, quality, or cost. To explore UDT’s adaptable portfolio of products and services, contact us today.
