Cyber Attacks are The Biggest Threat to U.S. Financial Enterprises
The biggest threat to U.S. financial enterprises isn’t the foreign competition, market upheavals, or failure to innovate. Instead, it is cyber attacks, external threat actors, and hackers.
In fact, J.P. Morgan Chase CEO Jamie Dimon supports this claim in his recently released annual shareholder letter. He stated J.P. Morgan spends $600 million every year to defend against cyber attacks. However, Dimon points out the interconnectedness of U.S. financial enterprises presents a distinct challenge.
Financial Enterprises and Third-Parties
Financial enterprises face particular difficulties in securing their third-parties. Usually, third-parties include consumers as well as external vendors and partners such as your HVAC provider.
Often, hackers utilize island-hopping attacks through third-parties to reach their desired target. In an island hopping attack, instead of directly attacking their target, hackers instead infiltrate their much less secure third-parties; then, they can exploit their access to the financial enterprise IT environment to gain entry.
For U.S. financial enterprises, island hopping presents a relevant threat. Actually, businesses in the finance industry suffer a higher volume of island hopping attacks than most enterprises.
In particular, hackers use the island-hopping form called Reverse Business Email Compromise, according to Carbon Black. These attacks take advantage of exposed third-party email servers to dispense fileless malware.
Financial enterprises, which receive dozens if not hundreds of email communications a day, can become easily compromised by a single malicious email. More often than not, because these emails come from a recognized third-party, users tend not to recognize the email as a threat.
What Your Business Can Do
Firstly, your financial enterprise must ensure all of its partners have a consistent layer of next-gen endpoint security. If possible, make it a condition of your partnership agreements that they have endpoint security which integrates with your own. Only with that level of visibility can you feel more confident of detecting attacks as they bombard your digital perimeter.