Cyber Attacks are The Biggest Threat to U.S. Financial Enterprises

Cyber Attacks are The Biggest Threat to U.S. Financial Enterprises

The biggest threat to U.S. financial enterprises isn’t the foreign competition, market upheavals, or failure to innovate. Instead, it is cyber attacks, external threat actors, and hackers.

In fact, J.P. Morgan Chase CEO Jamie Dimon supports this claim in his recently released annual shareholder letter. He stated J.P. Morgan spends $600 million every year to defend against cyber attacks. However, Dimon points out the interconnectedness of U.S. financial enterprises presents a distinct challenge.

Financial Enterprises and Third-Parties

Financial enterprises face particular difficulties in securing their third-parties. Usually, third-parties include consumers as well as external vendors and partners such as your HVAC provider.

Often, hackers utilize island-hopping attacks through third-parties to reach their desired target. In an island hopping attack, instead of directly attacking their target, hackers instead infiltrate their much less secure third-parties; then, they can exploit their access to the financial enterprise IT environment to gain entry.

For U.S. financial enterprises, island hopping presents a relevant threat. Actually, businesses in the finance industry suffer a higher volume of island hopping attacks than most enterprises.

In particular, hackers use the island-hopping form called Reverse Business Email Compromise, according to Carbon Black. These attacks take advantage of exposed third-party email servers to dispense fileless malware.

Financial enterprises, which receive dozens if not hundreds of email communications a day, can become easily compromised by a single malicious email. More often than not, because these emails come from a recognized third-party, users tend not to recognize the email as a threat.     

What Your Business Can Do

Firstly, your financial enterprise must ensure all of its partners have a consistent layer of next-gen endpoint security. If possible, make it a condition of your partnership agreements that they have endpoint security which integrates with your own. Only with that level of visibility can you feel more confident of detecting attacks as they bombard your digital perimeter.  

       

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *