The Bulletin

SME Business

Cloud-based cyberattacks are on the rise, and targeting the financial services industry

  • Written by Joel Camissar, Regional Director of MVISION Cloud Asia Pacific, McAfee

As the world comes together to overcome the pandemic, cybercriminals are ramping up their activity to take advantage of the new, heavy reliance on technology and in particular, cloud-based applications and programs. According to McAfee’s latest Cloud Adoption and Risk Report: Work From Home Edition, there has been a significant increase in cyberattacks targeting cloud tools like Zoom, WebEx, and Microsoft Teams as many Australian and global organisations make the shift to working from home arrangements. This could evidently be here to stay with almost half of the global workforce expected to work remotely post the pandemic.


McAfee’s report found external attacks on cloud services and collaboration tools are seven times higher compared to the start of 2020 which is concerning given overall enterprise adoption of cloud services also spiked by 50 percent, and cloud collaboration tools increased in use by 600 percent.


As cybercriminals become more sophisticated and smarter by the day, every industry today is a target. But with the rapidly expanding threat landscape combined with increasing digitisation across the financial services industry, it is no surprise it was one of the hardest hit. It is, therefore, a crucial time for these organisations to be prioritising cloud security. There is never a good time to be complacent about cybersecurity, but especially now, the financial services industry should be proactively working to thwart the new wave of cloud-based attacks born from the pandemic


The COVID-19 effect on cybersecurity


With the new reality of working from home and increased need for unmanaged devices and cloud-based environments, organisations had to pivot, and in some instances, restructure their internal processes and technology stacks to maintain business continuity for their customers. While these systems may be high-performing in meeting customers’ digital demands, it must also encompass a strong security strategy to thwart cybercriminals targeting vulnerable infrastructures.


While industries pivot, so must consumers, and we’ve seen customers become increasingly reliant on their providers’ applications and other digital services to conduct their everyday banking. This has placed increased pressure on banks and fintechs alike to ensure their services are secure, and their customers’ data is protected.


The use of cash at shopfronts and checkouts have declined to help minimise the spread of coronavirus, therefore more digital payments for every day, small transactions are taking place for home-delivered food and groceries and online retailers. Further to this, however, the process of taking out a mortgage or refinancing has likely been undertaken digitally. While consumers are becoming more comfortable with major transactions online like these, it could also become a permanent change in the near future. The shifts here brought on by our new reality is putting cybersecurity under the spotlight to protect financial and customer data, as well as online, high-stake transactions.


Cloud-based attacks: the implications and risks


According to McAfee’s report, the financial services sector increased usage of collaboration services such as Microsoft 365 by 123 percent, while also seeing an increase in the use of business management services such as Salesforce by 61 percent. This is an unsurprising uptick in cloud usage as the financial services industry increasingly relies on cloud services to provide customer-facing digital financial services.


As a result, however, sophisticated attackers are emerging with attempts to penetrate the financial organisation to exfiltrate data—and given the rise in remote working, our research shows that it provides a wider attack surface for cloud-based attacks. McAfee found the financial services sector saw a 571 percent increase in cloud threats from January to April 2020.


The tactics of these cybercriminals are becomingly increasingly sophisticated, and we found that the IPs monitored were used to attack cloud accounts, as well as other malicious activity—showing the potential reuse of criminal infrastructure for multiple attacks.  


Many of the cyberattacks can be attributed to opportunistic threats, where cybercriminals “spray” cloud accounts with access attempts using stolen credentials—and the financial services industry is often targeted by external threat actors given the amount of sensitive data stored. The Asia Pacific region appears to be a key target as McAfee saw 50 percent more threats than the global average.


The best way forward for the financial services industry


It’s a crucial time for organisations in the financial services industry to adopt a cloud-centric security posture. This will address the need for increased cloud capabilities and combat cloud-native threats that are on the rise, while also providing full visibility and control over a remote workforce.


With remote working quickly becoming the new normal as the future of work, networking models are no longer realistic. To cater to this and prepare for possible attacks, organisations must reassess how they will accommodate for unmanaged devices connecting to their cloud services, and create policies that ensure sensitive information is consistently protected in the cloud.


Finally, organisations must deploy a unified security platform to extend protection from device to cloud. This will reduce complexity as well as the total cost of ownership, allowing for greater visibility and therefore security effectiveness and responsiveness for both sanctioned and shadow cloud services.

The Business Bulletin

3 ways tax debt relief rules are too tough Debbie (not her real name) lost her main client and was left without a reliable income, the sole trader sold her home and adjoining investment unit to pay off h...

Ann Kayis-Kumar, Associate Professor, UNSW - avatar Ann Kayis-Kumar, Associate Professor, UNSW

Jobs for men have barely grown since the COVID recession. What matters now is what we do about it

ChameleonsEye/ShutterstockOf all the weak targets ever adopted by Australian governments, one of the weakest has to have been an unemployment rate “comfortably below six per cent&rdquo...

Peter Martin, Visiting Fellow, Crawford School of Public Policy, Australian National University - avatar Peter Martin, Visiting Fellow, Crawford School of Public Policy, Australian National University

COVID-19 cost more in 2020 than the world's combined natural disasters in any of the past 20 years

www.shutterstock.comWhat have we lost because of the pandemic? According to our calculations, a lot — and many of the worst hit countries and regions are far from world media attention...

Ilan Noy, Chair in the Economics of Disasters and Climate Change, Te Herenga Waka — Victoria University of Wellington - avatar Ilan Noy, Chair in the Economics of Disasters and Climate Change, Te Herenga Waka — Victoria University of Wellington

There's fewer of us in it, but for those who are, it's worse

The good news from new research conducted by the Australian National University for Social Ventures Australia and the Brotherhood of St Laurence is that fewer of us[1] are in severe fina...

Ben Phillips, Associate Professor, Centre for Social Research and Methods, Director, Centre for Economic Policy Research (CEPR), Australian National University - avatar Ben Phillips, Associate Professor, Centre for Social Research and Methods, Director, Centre for Economic Policy Research (CEPR), Australian National University

Writers Wanted

News Co Media

Content & Technology Connecting Global Audiences

More Information - Less Opinion