January 25th Webinar: Innovation in Healthcare Powered by Microsoft Solutions in 2024

Key Cyber Risks for Financial Institutions During the Pandemic

Following with our blog series about cybersecurity and how organizations from different industries have been affected during the pandemic worldwide and have been pushed to re-think security as a business priority, and have changed the way of doing business, in this post I’ll focus on the key cyber risks for banks and other financial institutions during COVID-19.

As well described by KPMG, the pandemic has brought a significant increase in fraudulent activity. It is not a secret how life has become suddenly very different and unusual, making both people and organizations more susceptible and making personal and corporate banking customers an immediate target for fraudsters. Click here to read the complete KPMG article.

Key Cyber Risks 

Banking clients have faced the rise in the number of ‘phishing’ COVID-19 related emails that customers are receiving – emails that look like they come from a bank and that may be about financial support available in the wake of the pandemic, but which are actually a lure asking customers to provide or validate their account or identity information. Other emails may contain malware that downloads onto a customer’s system once a link is clicked.

Phishing flow example

Another cyber-attack that has increased during the pandemic is the Man-in-the-middle. These attacks occurs when attackers insert themselves into a two-party transaction accessing or manipulating data or transactions.

Man in the middle

There has also been an increase in call center fraud. Fraudsters may engage in what we call social engineering – posting innocent looking ‘fun’ questions on social media platforms such as ‘what was the name of your first pet?’ in order to gather information from individuals that they can use to impersonate them with their bank or to make a false insurance claim.

Priorities and Opportunities for this Industry

As mentioned above, financial institutions have been hit relatively more often by cyber attacks than most other industries since the pandemic started.  You can find data on attacks at Advisen here. There is a strong link between the prevalence of working from home (WFH) arrangements and the incidence of cyber attacks between the end of February and June 2020, the financial sector ranks high on both accounts.

WFH index by sector from Dingel and Neiman (2020)
WFH index by sector from Dingel and Neiman (2020)

The financial sector has the largest share of cyber events classified as COVID-19-related in recent months. Examples are phishing attacks that explicitly use the uncertainty around Covid-19 to entice users to open fraudulent attachments or grant attackers access to networks.

Policymakers and businesses are actively working together to mitigate the key cyber risks for financial institutions and their systemic implications. For instance, many private and public sector organizations are strengthening their operational resilience, and many have engaged in “war games” or simulations of cyber-attacks.

Top priorities in 2021

In conclusion, financial institutions will have the following top priorities to work on this year:

  • When it comes to digital customer engagement, efficient operations, or robust fraud management, financial institutions should identify and close key gaps in capabilities immediately.
  • Banks and other financial organizations need to make sure they have a clear strategy, such as cloud adoption, or how they will participate in the increasingly open ecosystem.
  • Should keep an eye on issues that are not yet urgent but are starting to receive a lot of industry attention.

How to protect your organization?

  • Microsoft Defender for Office 365: To safeguard your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
  • Conditional Access:  It is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies. Conditional Access is at the heart of the new identity driven control plane.
  • Intune Conditional Access works along with Azure Active Directory to make sure only managed and compliant devices can access email, Microsoft 365 services, Software as a service (SaaS) apps, and on-premises apps.
  • Protect and Monitor your infrastructure using Azure Defender and Azure Sentinel

If you’d like to learn more about how to modernize and digitally transform your organization by using technologies from Microsoft, reach out to us here and we’ll connect with you to hear about your particular needs.



More Posts


Connect with us