Banking Trojans represent the biggest potential threat to financial institutions and their customers, and are on the rise, according to new research from Blueliv.
The Spanish threat intelligence firm released data from a recent Twitter poll of over 11,000 users and its newly launched report for the banking sector, Follow the Money.
Nearly a third (31%) of respondents claimed banking Trojans were the biggest threat to financial services firms, followed by mobile malware (28%), a category also increasingly comprised of Trojans designed to access customer accounts.
The bad news is that activity appears to be escalating in this area: Blueliv’s report revealed the firm tracked a three-digit uptick in Trickbot (283%) and Dridex (130%) detections over Q2 and Q3 this year.
The botnets are known to distribute banking Trojans as well as other malware targeting financial services.
The poll also revealed that skills shortages (28%) are the biggest challenge facing banks’ IT security teams as they try to build out programs.
Recent data from (ISC)2 revealed that global skills shortages now exceed four million. In Europe the crisis is particularly acute: shortages have soared by 100% over the past year to reach 291,000.
The poll also highlighted the challenges associated with high volumes of threats and alerts (26%) and poor visibility into threats (20%), which it is claimed are hampering banking cybersecurity teams as they struggle to combat attacks.
“Because they are such high-value targets for cyber-criminal activity, it is imperative that financial services organizations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack,” argued Blueliv CEO Daniel Solís.
“Security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitization to real, preventable threats. Threat intelligence can address the cyber skills gap through continuous automated monitoring combined with human resource to provide context, helping FSIs develop highly-targeted threat detection, prevention and investigation capabilities.”
Breaches in the financial sector tripled over the five years to 2018, with the average cost of cybercrime in the sector over $18 million, more than any other vertical, according to Accenture.