From:Â RegTech Analyst
There was no shortage of digital assaults last year, but at least there are lessons to learn from them.
Business leaders are focusing more and more on cybersecurity, with two-thirds expecting to up their digital defence budgets this year.
It is easy to see why. In the UK alone, 70% of financial firms have suffered a hack attack in the last year.
Globally, the rising number of breaches and growing compliance concerns are resulting in an estimated growth at a compound annual rate of 9.5% by 2027 of the cybersecurity sector, according to Absolute Markets Insights’ research.
Similarly, RegTech Analyst’s data showed that 21.3%, or $2.8bn, of all RegTech investment between 2014 and the first half of 2019 went into cybersecurity companies.
For instance, RegTech100 startup Enveil is one of the companies stepping up take advantage of the rising need of cybersecurity solutions. Egress is another.
As the market keeps on skyrocketing, we look back at some of the biggest breaches suffered by the financial services industry in 2019.
The Capital One hack
Capital One was attacked in March 2019. However, it took almost three months before the bank noticed that 106 million of its customers’ data had been compromised. The breach was only discovered in mid-July after a GitHub user alerted the company of some potential cybersecurity weaknesses.
When Capital One went public about the breach in July, it was revealed that an outsider had stolen data about customers’ credit scores, credit limits, payments histories and contact information. Roughly 140,000 social security numbers and 80,000 linked bank accounts of Capital One’s secured credit card customers were compromised in the breach.
The woman accused of being behind the attack was caught by the FBI at the same time as Capital One unveiled the hack attack to the public.
While the bank stated at the time that it believed none of the information had been used to commit fraud, Richard D. Fairbank, chairman and CEO of Capital One, said he was “deeply sorry for what has happened.â€
However, his apologies did not prevent industry experts as well as politicians like Democratic presidential hopeful Elizabeth Warren from asking some serious questions about how the hack could have happened in the first place and what routines the company had had in place to prevent it.
Visa revealed point of sale cyberattacks
Point of sale attacks are not uncommon. Still, when payment giants like Visa tell you about them, it might be time to prick up your ears.
That was the case when Visa revealed that fuel merchants in the US had fallen victim to a digital assault like that in the summer of 2019.
Visa reported that two types of attacks had been launched against the merchants with the aim to steal credit card information.
The payment giant revealed the hackers used phishing attacks targeting a fuel merchant’s employees in one of the assaults. Once the staff member opened the compromised email, the hackers could install a Trojan granting the outsiders access to the company’s internal network.
This in turn enabled them to install a random memory scraper harvesting payment card data.
Visa was unclear how the second type of attack against a fuel dispenser in North America began, but the end result was the same: an installed memory scraper harvesting payment data.
The first type of attack serves as a reminder as to why hackers and employees are employers’ biggest cybersecurity concerns.
Billtrust suffered ransomware attack
Ransomware attacks are becoming more frequent. Their numbers grew by 118% in the first quarter of 2019 alone. Moreover, new strains of the different viruses are developed all the time, with GandCraba and Emotet being two of the worst ransomware versions to look out for right now.
The proliferation of ransomware attacks was something the American FinTech company Billtrust experienced the hard way when it fell victim to hackers in mid-October. The ransomware attack forced the enterprise to shut down its services.
As a result, clients could not use the company’s invoice management solutions.
While it was able to stop the ransomware from spreading and to eventually restore most of its systems, it highlights how no company, tech or otherwise, is safe from laptop-wielding larcenists.
Second Click2Gov hack wave compromised over 20,000 payment card records
Over 20,000 payment card records were compromised in a series of hack attacks affecting the US bill-paying portal Click2Gov.
The wave of digital assaults began in August 2019, but it was not the first one. It had also experienced a similar attack beginning in December 2018. The first digital siege ended up compromising over 300,000 records.
Even though several of the eight cities that were attacked in the first wave had patched their services since, the researchers revealing the second surge stated that they still remained vulnerable to assaults.
Copyright © 2020 FinTech Global
