Human Error: A Major Security Threat to the Financial Sector
As cyber crimes keep growing at an unprecedented rate, the financial sector has become one of the most targeted industries worldwide. An article published by Insider reports that financial institutions are 300 times more likely than other organizations to be targeted by a cyber attack. With their troves of valuable financial data and opportunities for massive financial gains, financial institutions serve as one of the most lucrative targets for cyber criminals today. According to a report by Accenture, the cost of cyber attacks is the highest in the banking industry, reaching $18.3 million annually per company.
Owing to the ever-evolving technology, cyber criminals have become adept at coming up with new and more sophisticated ways of breaching financial organizations. Often, humans are the weakest link in an institution’s cyber security chain, making them vulnerable to cyber attacks. A silly mistake by even a single employee or the unintentional neglect of the cyber security policies enforced by the management can lead to devastating cyber attacks.
Here’s an opportunity for you to stand out from the crowd!
Join our weekly newsletter Cyber Times and become a part of our Cyber Resilient Community
Major Cyber Attacks on Financial Institutions Due to Human Error
According to a study by IBM, 95% of cyber security breaches are primarily caused by human error. While you can strengthen your IT infrastructure by investing in cutting-edge technologies, the human factor of an organization remains highly dynamic and unpredictable. This can prove to be a huge drawback for your organization.
So, before we discuss the solutions, let’s give you some examples of how human errors have brought down huge financial institutions.
#1 Bangladesh Central Bank
In 2016, North Korean hackers managed to rob Bangladesh Central Bank out of $81 million! Popularly referred to as the Bangladesh Bank robbery, this cyber heist is counted amongst the biggest cyber attacks on financial institutions and was only possible because of human error. Let’s see how.
The hackers managed to infiltrate the bank’s systems through an ordinary office printer located in a highly secure room of the bank’s main office in Dhaka. This printer, which was used to print transaction records worth millions of dollars, was reportedly malfunctioning. When the printer was rebooted, urgent messages from the Federal Reserve Bank in New York were spilling out. Bangladesh Central Bank kept a US-dollar account in the Federal Reserve Bank.
These messages claimed that the Federal Reserve Bank had received instructions from Bangladesh Bank to drain the entire account, which contained close to a billion dollars.
The next question that arises is how did the hackers compromise the printer. Well, in January 2015, they sent an innocuous-looking email to several employees of Bangladesh Bank, claiming to be from a job seeker called Rasel Ahlam. This email included an invitation to download his cover letter and CV from a website. At least one of the bank’s employees fell for the trick and downloaded the documents, resulting in the system getting infected with the virus. Once the bank’s systems were infected, hackers were able to hop from computer to computer and reach the digital vaults.
#2 Sequoia Capital
Known for being one of Silicon Valley’s oldest and most notable venture capital firms, Sequoia Capital was hacked in February 2021. Counted amongst the major recent cyber attacks on financial institutions, this hack exposed some of the personal and financial information of its investors to a third party. The cyber attack succeeded when one of Sequoia’s employees fell victim to a phishing attack. Focused on energy, enterprise, financial, healthcare, mobile and internet startups, this VC firm has more than 1100 corporate clients in addition to over 200 international clients.
#3 Absa Bank
Absa, a South Africa-based financial services group, suffered a massive data breach in December 2020, resulting in the compromise of personal and financial information of its customers. Absa accused, dismissed and laid criminal charges against an employee for making selected customer data available to external parties. This data leak affected 2,09,000 customers, which make up for approximately 2% of Absa’s entire local client base. The accused former employee had sold the sensitive customer data to a few third-parties for personal financial gain. The leaked data included customers’ names, surnames, physical addresses, identity numbers, and bank account details. This data breach is just another prominent example of the growing number of cyber attacks on banks.
#4 GoDaddy Scam on Cryptocurrency Trading Platforms
Several cryptocurrency trading platforms were attacked in November 2020 by tricking the employees of the domain registrar GoDaddy. Hackers launched social engineering attacks on GoDaddy employees, which allowed them to take over control of multiple cryptocurrency exchange sites like Liquid and NiceHash. This scam exposed personal information of numerous users. This social engineering attack tricked a few of the GoDaddy employees into making modifications to certain customer domain names, transferring control of the victim crypto trading platforms’ account and domain to malicious actors.
#5 Experian South Africa
The South African branch of the renowned consumer credit reporting agency Experian suffered a devastating data breach in August 2020. The credit agency handed over the personal details of several of its South African customers to a fraudster posing as a client. According to a report published by South African Banking Risk Centre (SABRIC), this breach affected 793,749 local businesses and 24 million South Africans. The leaked data included addresses, names, ID numbers and occupations.
How to Mitigate Human Error in Financial Institutions?
As the examples mentioned above clearly indicate, even the slightest of human errors can lead to devastating consequences when it comes to security. With huge financial and reputational losses, the impact of cyber attacks on financial institutions is often much graver than other industries. For this reason, it has become essential for the financial sector to face the problem head-on and mitigate the threat before it turns into a full-blown disaster. Here are some things to keep in mind while working towards minimizing human error in your organization.
- The most effective way to eliminate human error is by creating a work culture where each of the organization’s employees work in line with the cyber security best practices. An organization where employees understand the importance of strictly adhering to the security policies enforced by the management is more likely to steer clear of these threats. However, for this to happen, employees need to understand the importance of being cyber resilient and the consequences of neglecting their responsibilities regarding keeping the organization safe from cyber threats.
“As cyber security leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture.” — Britney Hommertzheim
- Providing employees with cyber security awareness training is the best way of equipping them with the knowledge they need to detect and avoid cyber attack attempts. It makes them aware of the prevalent and emerging techniques used by cyber criminals for tricking users into doing their bidding. There are numerous types of cyber security awareness training programmes organizations can implement. However, before choosing one for your company, make sure it is just as engaging as it is informative.
- In addition to providing all the necessary information about the common cyber threats, these training programmes should also be engaging enough to catch the attention of your employees and make them interested in learning. Cyber attack simulation is one such training tactic that makes learning interactive and ensures knowledge retention in employees. Instead of offering theoretical information about the way different kinds of cyber attacks work, cyber attack simulation allows your employees to experience first-hand how a cyber attack attempt looks like in the real world.
- You can implement cyber security awareness training tools like ThreatCop to provide your employees with effective training without having to invest too much of your time and energy. ThreatCop is an expertly designed cyber security awareness tool that allows you to simulate five different kinds of cyber attacks on your employees. These cyber attack simulation campaigns are followed by engaging awareness sessions that include everything from videos and advisories to posters and newsletters.
So, take a step towards security by transforming your employees into a human firewall against cyber threats with cyber security awareness training. With financial institutions coming under fire from all sides, making sure you have iron-clad defenses is the only way to come out on the other side unscathed.
Worried About Getting Phished?
Detect malicious links with ThreatCop Link Scanner.