Human Error: A Major Cyber Security Threat to the Financial Sector

As cyber crimes keep growing at an unprecedented rate, the financial sector has become one of the most targeted industries worldwide. An article published by Insider reports that financial institutions are 300 times more likely than other organizations to be targeted by a cyber attack. With their troves of valuable financial data and opportunities for massive financial gains, financial institutions serve as one of the most lucrative targets for cyber criminals today. According to a report by Accenture, the cost of cyber attacks is the highest in the banking industry, reaching $18.3 million annually per company.

Owing to the ever-evolving technology, cyber criminals have become adept at coming up with new and more sophisticated ways of breaching financial organizations. Often, humans are the weakest link in an institution’s cyber security chain, making them vulnerable to cyber attacks. A silly mistake by even a single employee or the unintentional neglect of the cyber security policies enforced by the management can lead to devastating cyber attacks.

Major Cyber Attacks on Financial Institutions Due to Human ErrorAccording to a study by IBM, 95% of cyber security breaches are primarily caused by human error. While you can strengthen your IT infrastructure by investing in cutting-edge technologies, the human factor of an organization remains highly dynamic and unpredictable. This can prove to be a huge drawback for your organization.

So, before we discuss the solutions, let’s give you some examples of how human errors have brought down huge financial institutions.

#1 Bangladesh Central Bank In 2016, North Korean hackers managed to rob Bangladesh Central Bank out of $81 million! Popularly referred to as the Bangladesh Bank robbery, this cyber heist is counted amongst the biggest cyber attacks on financial institutions and was only possible because of human error. Let’s see how.

The hackers managed to infiltrate the bank’s systems through an ordinary office printer located in a highly secure room of the bank’s main office in Dhaka. This printer, which was used to print transaction records worth millions of dollars, was reportedly malfunctioning. When the printer was rebooted, urgent messages from the Federal Reserve Bank in New York were spilling out. Bangladesh Central Bank kept a US-dollar account in the Federal Reserve Bank.

These messages claimed that the Federal Reserve Bank had received instructions from Bangladesh Bank to drain the entire account, which contained close to a billion dollars.

The next question that arises is how did the hackers compromise the printer. Well, in January 2015, they sent an innocuous-looking email to several employees of Bangladesh Bank, claiming to be from a job seeker called Rasel Ahlam. This email included an invitation to download his cover letter and CV from a website. At least one of the bank’s employees fell for the trick and downloaded the documents, resulting in the system getting infected with the virus. Once the bank’s systems were infected, hackers were able to hop from computer to computer and reach the digital vaults.

#2 Sequoia Capital Known for being one of Silicon Valley’s oldest and most notable venture capital firms, Sequoia Capital was hacked in February 2021. Counted amongst the major recent cyber attacks on financial institutions, this hack exposed some of the personal and financial information of its investors to a third party. The cyber attack succeeded when one of Sequoia’s employees fell victim to a phishing attack. Focused on energy, enterprise, financial, healthcare, mobile and internet startups, this VC firm has more than 1100 corporate clients in addition to over 200 international clients.

Read More: https://threatcop.ai/blog/human-error-a-major-cyber-security-threat-to-the-financial-sector/

ThreatCop is a cyberattack simulator and security awareness training tool to help employees combat phishing, vishing, smishing, cyber scam, ransomware, etc.