Supply chain attacks, Zero Day vulnerability exploits and ransomware were the top three threats to the industry: report

A January 2021 to January 2022 survey of thousands of FS-ISAC member financial firms in more than 65 countries, combined with additional analyses of multiple streams of intelligence, concluded that the rapid digitization of the financial services sector led to a rise in global cyber threats in 2021, specifically the acceleration of high-profile cyberattacks targeting third-party suppliers and critical Zero Day vulnerabilities.

This has led FS-ISAC to increase its Regional Cyber Threat Levels an unprecedented three times in 2021. 

Looking ahead to the current year, the organization expects the following trifecta of third-party risks to complicate an already challenging cyber threat environment for the industry in 2022 and beyond:

  1. Third-party attacks (supply chain attacks): Several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms.
  2. Zero Day vulnerability exploits: These cybercrimes are growing due to the diversification of the kill chain. Criminals increasingly specialize in different stages of cybercrime, making it easy to simply buy (or sell) access to vulnerabilities without needing to know how to find them.
  3. Ransomware: Attack groups operate in safe-haven countries and are ready to shut down temporarily to avoid international law enforcement, only to open months later under new names with few repercussions, which makes this threat a major concern for the industry.

High levels of phishing and business email compromise formed the entry point for most attacks in the survey, followed by the persistence of notorious malware strains often used to drop ransomware. In fact, 24% of FS-ISAC member-reported incidents were phishing campaigns targeting employees. 

Said Steven Silberstein, CEO, FS-ISAC: “Cross-border intelligence sharing is critical to help defend financial institutions against cyber threats.”