As the world comes together to overcome the pandemic, cybercriminals are ramping up their activity to take advantage of the new, heavy reliance on technology and in particular, cloud-based applications and programs. According to McAfee’s latest Cloud Adoption and Risk Report: Work From Home Edition, there has been a significant increase in cyberattacks targeting cloud tools like Zoom, WebEx, and Microsoft Teams as many Australian and global organisations make the shift to working from home arrangements. This could evidently be here to stay with almost half of the global workforce expected to work remotely post the pandemic.
McAfee’s report found external attacks on cloud services and collaboration tools are seven times higher compared to the start of 2020 which is concerning given overall enterprise adoption of cloud services also spiked by 50 percent, and cloud collaboration tools increased in use by 600 percent.
As cybercriminals become more sophisticated and smarter by the day, every industry today is a target. But with the rapidly expanding threat landscape combined with increasing digitisation across the financial services industry, it is no surprise it was one of the hardest hit. It is, therefore, a crucial time for these organisations to be prioritising cloud security. There is never a good time to be complacent about cybersecurity, but especially now, the financial services industry should be proactively working to thwart the new wave of cloud-based attacks born from the pandemic
The COVID-19 effect on cybersecurity
With the new reality of working from home and increased need for unmanaged devices and cloud-based environments, organisations had to pivot, and in some instances, restructure their internal processes and technology stacks to maintain business continuity for their customers. While these systems may be high-performing in meeting customers’ digital demands, it must also encompass a strong security strategy to thwart cybercriminals targeting vulnerable infrastructures.
While industries pivot, so must consumers, and we’ve seen customers become increasingly reliant on their providers’ applications and other digital services to conduct their everyday banking. This has placed increased pressure on banks and fintechs alike to ensure their services are secure, and their customers’ data is protected.
The use of cash at shopfronts and checkouts have declined to help minimise the spread of coronavirus, therefore more digital payments for every day, small transactions are taking place for home-delivered food and groceries and online retailers. Further to this, however, the process of taking out a mortgage or refinancing has likely been undertaken digitally. While consumers are becoming more comfortable with major transactions online like these, it could also become a permanent change in the near future. The shifts here brought on by our new reality is putting cybersecurity under the spotlight to protect financial and customer data, as well as online, high-stake transactions.
Cloud-based attacks: the implications and risks
According to McAfee’s report, the financial services sector increased usage of collaboration services such as Microsoft 365 by 123 percent, while also seeing an increase in the use of business management services such as Salesforce by 61 percent. This is an unsurprising uptick in cloud usage as the financial services industry increasingly relies on cloud services to provide customer-facing digital financial services.
As a result, however, sophisticated attackers are emerging with attempts to penetrate the financial organisation to exfiltrate data—and given the rise in remote working, our research shows that it provides a wider attack surface for cloud-based attacks. McAfee found the financial services sector saw a 571 percent increase in cloud threats from January to April 2020.
The tactics of these cybercriminals are becomingly increasingly sophisticated, and we found that the IPs monitored were used to attack cloud accounts, as well as other malicious activity—showing the potential reuse of criminal infrastructure for multiple attacks.
Many of the cyberattacks can be attributed to opportunistic threats, where cybercriminals “spray” cloud accounts with access attempts using stolen credentials—and the financial services industry is often targeted by external threat actors given the amount of sensitive data stored. The Asia Pacific region appears to be a key target as McAfee saw 50 percent more threats than the global average.
The best way forward for the financial services industry
It’s a crucial time for organisations in the financial services industry to adopt a cloud-centric security posture. This will address the need for increased cloud capabilities and combat cloud-native threats that are on the rise, while also providing full visibility and control over a remote workforce.
With remote working quickly becoming the new normal as the future of work, networking models are no longer realistic. To cater to this and prepare for possible attacks, organisations must reassess how they will accommodate for unmanaged devices connecting to their cloud services, and create policies that ensure sensitive information is consistently protected in the cloud.
Finally, organisations must deploy a unified security platform to extend protection from device to cloud. This will reduce complexity as well as the total cost of ownership, allowing for greater visibility and therefore security effectiveness and responsiveness for both sanctioned and shadow cloud services.