The critical role of the banking sector has made cybersecurity a focal point in recent years. In Singapore, the financial services sector saw 346 ransomware incidents in 2023, making it one of the most targeted industries. But the question is — do they know who they’re up against?
As banks become increasingly modernised, turning to open banking and enhancing their hybrid-cloud environments, they are not alone. Cybercriminals' tactics are also evolving, creating an ongoing arms race between security teams and threats. And with banks housing a plethora of sensitive payment data, having access to high-profile information, and playing a critical role in the country's operations, ransomware actors continue to target this sector with attacks, hoping a big payout could be on the table.
A shift in the landscape
The financial sector has undergone a digital revolution in the last decade. As financial processes move online and the world becomes increasingly cashless, banks are embracing the cloud for more internal and customer-facing processes. It’s a no-brainer: the cloud offers scalability, efficiency, and more flexible digital banking options for customers. And with young FinTech challengers quick to offer open banking, traditional financial services organisations that are slow to digitise may lose out to competition.
According to recent studies, the total transaction value of digital payments in Singapore is expected to surge to US$43.40 bn by 2028, demonstrating the increasing reliance on digital payment methods. Rapid migrations and a new, hybrid cloud environment require far more than traditional on-premises security tools, which leave critical security blind spots. If digital payment systems are left with security gaps, one well-placed attack could disrupt national stability on a scale we have not yet seen.
Biding their time
Financial institutions face significant risks, especially as ransomware remains a top threat despite heavy cybersecurity investments. This is compounded by a growing concern over Ransomware-as-a-Service (RaaS), which allows cybercriminals to "subscribe" to a ransomware service from other hackers to infiltrate corporate networks. This opens them up to a range of tactics, from phishing to exploiting software vulnerabilities. These hackers persist on networks for months at a time, moving laterally to collect intelligence and locate sensitive data stores. Any further actions, such as launching malware, stealing data, or destroying a server, can then cause maximum damage.
As hybrid cloud environments grow more complex, workloads and data become more widespread and broaden the attack surface of any organisation. For financial institutions, finding and illuminating any potential blind spots needs to be a key consideration before, during, and after every cloud migration. Moreover, security teams must reconfigure their tool stacks to achieve sufficient visibility into the cloud. Traditional, on-premises security tools are often over-reliant on data from logs, traces, and event files, making them very easy for today’s more sophisticated threat actors to exploit. Logs are mutable, meaning criminals can manipulate these records to cover their tracks and successfully evade detection. The only way for security teams to successfully expose hidden threats is by gaining complete visibility of all the traffic on their networks, including East-West traffic in both on-premises and cloud environments.
Hiding in plain sight
Threat actors also exploit a common security strategy: encryption. The Monetary Authority of Singapore (MAS) has recently raised concerns about quantum computing’s potential to break traditional encryption. Additionally, encrypted traffic can hide malicious activities happening within a network, preventing security tools from detecting suspicious network behaviour and even data exfiltration.
Two-thirds of security leaders in Singapore acknowledge that encrypted traffic is less likely to be inspected, often bypassing scrutiny due to the high costs and complexities of decryption. In fact, 62% admit they haven’t tackled decryption as they consider it time-consuming and costly — the highest rate globally, surpassing the worldwide average of 53%. But in doing so, security teams are leaving their networks vulnerable to attacks, running the risk of only discovering a breach when it’s too late and stolen data is already on the dark web.
Financial institutions cannot afford to fall behind today's cybercriminals. No organisation can defend against a threat that they don't know is in their network, so achieving deep observability over all networks, including encrypted data and any traffic and data flow between devices, is the only way to protect against unforeseen attacks and disruption.