What vulnerabilities did banking professionals using a secure web gateway exhibit in comparison to professionals from other industries? Find out here…
Based on anonymized usage data collected from banking industry professionals* who were among the customers, alongside those from other industries, of a cybersecurity firm’s secure web gateway product, some cybersecurity trends relevant to the industry were disclosed.
First, the data was summarized to conclude that phishing was one of the most common cybersecurity threats in the banking industry, with financial fraud being the main reason for adversaries attacking the sector.
Second, the top three types of threats identified for the industry were social engineering, generative AI (GenAI) data security, and malicious content delivery.
Other findings
Third, the banking industry stood out among other industries as one of the best at controlling the data risks associated with GenAI apps. Banking organizations were more aggressive at blocking apps without a legitimate business purpose, and at using data loss prevention (DLP) measures to control what can be sent to allowed apps. The more strategic and measured adoption of GenAI technology in the industry was attributed to better data security. Also:
- In the data, three out of every 1,000 individuals in banking had clicked on a phishing link each month. (43%)
- Data showed that adversaries, instead of targeting cloud apps (as was common in other industries), created tailored phishing pages designed to mimic the target banking institutions’ websites and steal bank account information and login credentials to commit financial fraud.
- The most common types of sensitive data uploaded to GenAI apps by banking employees in the data analysis were:
  - regulated data (46%)
  - intellectual property (23%)
  - passwords and keys (20%)
  - source code (11%)
- The banking industry data showed lower GenAI usage (87%) than other industries (97%) in the data, attributed to stronger organizational restrictions in terms of DLP.
- Each month, one out of every 100 employees in the banking industry data was accessing content that involved suspicious documents hosted in cloud environments capable of delivering malicious payloads if opened, or various threats capable of capturing sensitive information (keystrokes, passwords saved in browsers, etc.).
- During the period of the data analysis, Russian criminal groups were the threat actors most likely to target the sector with malicious content, particularly the TA577 and Indrik Spider groups. The top five malware families that were targeting the banking industry were:
  - downloader.SLoad (aka Starslord)
  - Infostealer.AgentTesla
  - Trojan.FakeUpdater
  - Trojan.Parrottds
  - Trojan.Valyria
According to Ray Canzanese, Director of Threat Labs, Netskope, the firm that shared its data analysis with the media, adversaries targeting the banking industry customers were primarily criminals focused on financial fraud, using social engineering and infostealers to try to obtain bank account details and banking portal login credentials: “We still see adversaries aiming to sabotage operations, steal sensitive data, and deploy ransomware, but in much smaller numbers than the financial fraudsters.”
*Collected with prior authorization over the period starting 1 May, 2023 through 30 April, 2024. The statistics are declared to be a reflection of attacker tactics, user behavior, and organizational policy.