The global cyber threat against the finance sector: How SCION enhances financial cybersecurity

Author. Dario Colacicco     Jul 23, 2024
The global cyber threat against the finance sector: How SCION enhances financial cybersecurity

Banks and other financial players have always been a clear target for cyber criminals – “follow the money” – especially now when most financial businesses have made the transition into digital services, heightening the risk of cyberattacks. The most pressing threat against any financial institution today is the exploitation of the Internet’s vulnerabilities to attack financial institutions and services. The importance of cyber security in the financial sector cannot be overstated given the rise of cybersecurity challenges.

As financial institutions move their workloads to the cloud, online banking services expand, and other services such as remote maintenance and VPNs are exposed on the Internet, there is an increased risk of exposure to threat actors gaining access to networks. 

According to the IMF’s Global Financial Stability report from April 2024, the number of cyberattacks has nearly doubled since the beginning of 2020; with nearly one-fifth of all cyberattacks targeting financial institutions. The clear move to digital communication demonstrates that cybersecurity plays a critical role in ensuring the integrity and confidentiality of financial data, as well as ensuring the cybersecurity of financial services. This is fundamental not only to the trust and reliability of financial services but also to the finance community itself and, ultimately, for society to thrive. 

Internet – the preferred way to communicate today  

Critical infrastructure and businesses shouldn’t be using the Internet to communicate, but sometimes there is no other choice – given the complexity and interconnectedness of financial markets, the Internet seems to be the easiest way to connect the ecosystem. In the past, private lines were the preferred solution to ensure security. Today, they don’t fit the bill, especially for complex ecosystems such as the finance sector. This leaves the Internet as the best option.  

While the Internet brings benefits in terms of openness, it also brings shortcomings in terms of security. After the healthcare sector, the financial sector is the most targeted by hackers. Due to the interconnectivity of banks, an attack on one bank can easily spread across the entire network, impacting other financial institutions.  

Network is a key concept here: we can still use the Internet while safeguarding security and availability. How? By finally having a better choice with the SCION Internet!  

SCION enters the scene as an Internet architecture developed at ETH Zurich, Switzerland’s Federal Insitute of Technology and one of the most prestigious universities dedicated to science and technology in the world. SCION is a direct response to the gaping holes in today’s Internet; it was designed at the architecture level of the network to allow secure and resilient data transmission – simply known as quickly and safely sharing information. 

In Switzerland, SCION has become the network of choice for the financial sector with the Secure Swiss Finance Network or SSFN launched by the Swiss National Bank. 

Before exploring how SCION can help the finance sector become more resilient, let’s first examine the main challenges financial institutions face with today’s Internet.

Top 3 cyber challenges for banks and other financial institutions 

1) Rise of cyberattacks: the Internet's attack surface is enormous  


As organizations embrace the cloud, IoT spreads and grows, home office requires VPN solutions operating on the Internet, and attack surface expands. One of the reconnaissance techniques malicious actors use to discover organizations’ security levels is port scanning. With the Internet being so vast and open, port scanning is dangerous because it allows attackers to identify vulnerabilities in corporate networks that can be used as gateways for attacks such as ransomware targeting financial services.

In Switzerland alone, a financial institution reported over 8 million scans over the course of a quarter in 2023—staggering numbers that require security teams to stay alert at all times. Scans and intrusion attacks are just the first step in malicious activities on the Internet, often followed by targeted cyberattacks that banks and financial institutions can easily fall victim to. The following cyberattacks should be on your radar due to their widespread occurrence in the finance sector: 

Ransomware, post-intrusion attacks: Hackers use ransomware, a type of malware, to hold an individual or business’s system or information hostage until a ransom has been paid. SOPHOS reports that “Ransomware attacks in financial services went up from 55% in 2022 to 64% in 2023 – almost double the 34% reported by the sector in 2021. Root cause of half of these attacks? Exploited vulnerabilities.”  

Case in point: Early last November (2023), the world’s biggest bank – Industrial & Commercial Bank of China or ICBC, experienced a ransomware attack that “resulted in disruption to certain [financial services] systems.” It was, in fact, much worse than that – with a ripple effect for the US Treasury.  


Zero-day exploits: Zero-day exploits hinge on vulnerabilities in hardware or software – unknown to its developers. This is what makes them dangerous: the hackers find these “holes” before a business knows it exists, giving the business “zero-days” to patch the problem.

Case in point: Starting in May 2023, MOVEit, the US file transfer management SaaS company, saw a slew of ransomware victims among its clientele after several cases of a zero-day exploit. MOVEit is used by organizations to ship large amounts of sensitive data: pension information, social security numbers, medical records, billing data, etc. By mid- October, nearly half a year after the first breach, American Flagstar Bank became the 60th bank directly affected by the MOVEit data breach. The domino effect of this problem was seen for the entirety of 2023. 

2) Network downtime: DDoS and Internet outages  

When the Internet is down, you are down! Forced downtime can quickly turn into a crisis when it comes to business continuity. For instance, last year alone, organizations across the UK experienced losses of £3.7 billion and 50 million hours because of Internet failures and forced downtime. And these are “innocent” scenarios with no culprit. Banks can also experience distributed denial-of-service (DDoS) attacks, where cybercriminals overwhelm a network, service, or infrastructure with traffic, causing it to become inaccessible and using this as a distraction to breach their systems. Akamai reports that DDoS attacks on the financial services industry were up 154% in just one year (‘23 vs. ‘22).   

Case in point: Germany’s BaFin (the German acronym for “Federal Financial Supervisory Authority”) was the victim of a DDoS attack last September; its website was down for a little more than a weekend.  While BaFin was able to react quickly to the threat, their role is to ensure the stability, integrity, and transparency of the financial system in Germany, supervising about 2,700 banks, 800 financial services institutions, and over 700 insurance companies. Such an attack also shakes customer confidence.

3) Rise of regulatory compliance requirements 

Banks and other financial players are required to protect customer data by complying with strict data protection laws. In recent years, the finance sector has been subject to increasing regulatory scrutiny to enhance its stability and resilience. This includes adhering to mandatory regulations like GDPR, HIPAA, PSD2, the NIS2 directive, and DORA.

Case in point: A new version of the NIS directive, known as NIS2, will be implemented starting in 2025. NIS2 will now include critical sectors essential for societal functioning, such as financial services, which are crucial for economic stability. This will significantly impact the finance and insurance industry, as the security regulations will affect all critical services.

Benefits and use cases for SCION in finance  

SCION, which stands for Scalability, Control, and Isolation on Next-generation Networks, allows you to create a trust network with select participants with clear governance rules. Within the SCION network you benefit from path control and fast-failover properties.

So, whether you secure your network by building an EDGE-to-EDGE (router) infrastructure on the SCION network, where your HQ and subsidiaries are connected to each other with EDGEs installed on the cloud or server, or decide to protect a specific service on the SCION Internet by making it available only to remote users via Anapaya GATE, you are in good hands. With the SCION Internet you get the following cybersecurity benefits: 

  • Invisibility to port scanning: SCION helps by grouping networks into isolated domains based on trust with path control properties, which makes unauthorized scanning more difficult, thus increasing overall network security. 
  • Reduced attack surface for enhanced data security: On the SCION Internet, your attack surface is reduced to a group of users and ISPs that you want to reach and be reachable through. In short, you are in control of building your own network with trust at its center. On the Internet today, cyber criminals can easily impersonate networks and gain access to your data through route hijacks and leaks. This is simply not possible on the SCION Internet, where network paths are transparent and verifiable, thanks to strict governance rules among participants. In so doing, it automatically reduces a network’s attack surface, one of its groundbreaking benefits. 
  • Cyber resilience for business continuity: SCION is designed with resilience in mind, ensuring uninterrupted operations even in the face of disruptions. If a path is down, thanks to its fail-over mechanism, data will find a new path immediately. If an ISP is down, the service will keep running due to redundant mechanisms within the network. 
  • Data sovereignty and compliance: SCION allows for precise control over the path data takes, including geofencing. This feature is handy for compliance purposes, as organizations can ensure that packets do not traverse specific ISPs or geographical locations, making it easier to be compliant when it comes to protecting sensitive data. 

Anapaya’s solutions – providing access to the SCION Internet – can help banks and other financial institutions secure their network, enhance resilience, and ensure compliance across a range of financial services. Key areas include: 

Instant payments

Instant payments have seen remarkable growth, rising by nearly 29% last year. Projections indicate that by 2029, one in three consumer transactions worldwide will be instant. The immediacy of instant payments reduces security, increasing the risk of cyberattacks. In such cases, rapid backup connections are essential during outages or attacks.

Cross-border transactions

Cross-border payment systems are vulnerable to major security breaches, especially when data enters countries with less stringent security protocols. Creating a trust network with clear governance policies across various jurisdictions can greatly reduce the risk of cyber threats.

Strict compliance in financial institutions

Given the large volumes of money and data they handle, banks and finance institutions are prime targets for attackers. Regulators closely monitor them to prevent breaches that could have global economic repercussions. The IBM Cost of a Data Breach Report 2023 indicates that organizations with high levels of regulatory noncompliance faced an average data breach cost of USD 5.05 million, surpassing the average breach cost by USD 560,000, a difference of 12.6%. In today's world, compliance goes hand in hand with cybersecurity. 

VPN application for home office

As explored in the blog “Top 3 VPN challenges that put your business at risk”, virtual private network (VPN) services face new challenges that can compromise both organizational data security and network integrity. The rise of hybrid workforces has led most organizations to adopt VPNs for remote worker access, making VPNs a common entry point for malicious actors seeking initial access to target networks. In the finance sector, the pandemic heightened demand for online financial services and made work-from-home arrangements the norm.

SCION: The new status quo in Switzerland for payment systems  

SCION is a proven technology for finance with the Secure Swiss Finance Network (SSFN), a controlled and secure network launched by the Swiss National Bank and SIX, the infrastructure provider, which went live in June 2022 and will replace the former communication network entirely by the autumn of 2024.

The SSFN allows connected users in the Swiss financial center to communicate securely with SIX, other financial market infrastructures and with each other. The new network not only allows for the exchange of messages between financial market infrastructures (FMIs) and participants but also enables data to be exchanged securely between participants using the same architecture.  

Crucially, the SSFN increases the security and resilience of network connections to the Swiss Interbank Clearing (SIC) system and other FMIs.  

What does this new network look like? Rather than being more complex, as it might sound at first read, it is simpler. It gets to the crux of the matter with the old network. It was designed to do better, and it does – with a clearcut any-to-any architecture built on trust. 

Screenshot 2024-07-16 at 20.51.46

Screenshot 2024-07-16 at 20.51.56 

Implement SCION to safeguard your financial operations against evolving cyber threats – find out how to do it today!

 

TAGS:

SCION, Finance, Cyberattacks

Schedule a free
consultation and experience the power of SCION

Our specialists are ready to assist you in becoming SCION-enabled. Fill in the form on the right and elevate your network to the next level.