Financial Institutions Need to Take Cybersecurity Seriously

Tweet the fact that shocks you the most

43% of cyber attacks target small community businesses
smallbiztrends.com

4x

Financial institutions are 4 times more likely to be attacked than other industries
Websense Security Labs Report (now Forcepoint)

47% of the time, companies are unaware that they've been breached until a 3rd party tells them
Mandiant M-Trend Report

Cyber Attacks Are Expensive

For every $1 taken by fraud, financial institutions pay an additional $2.67 in chargebacks, fees, interest, and labor
LexisNexis Study

$336

The average cost per stolen record is $336 in financial services
IBM Security and the Ponemon Institute Report

81% of breaches at community financial institutions were at institutions with less than $35 million in annual revenue
Beazley Breach Response

The Threats You’re Up Against

Malware

Cybercrime group MoneyTaker used malware on a bank workstation to connect to the First Data STAR Network and steal $10 Million in debit card transfer funds
Group-IB

Over 40 different types of file extensions (file mimes) can been used to spread malware
LastLine

1/12

1 in 12 malware threats employ multiple advanced techniques such as evasion, packing, stealing, and stealth
LastLine

Phishing

91% of cyberattacks start with a phishing email
PhishMe (now Cofense)

76% of organizations reported being a victim of a phishing attack in 2016
Wombat Security State of the Phish

Fake invoice messages are the #1 type of phishing lure
Symantec Report

97% of people cannot identify a sophisticated phishing email
Intel

Ransomware

The first ransomware attack was delivered by floppy disk in 1989 and demanded $189 in payment
Wikipedia

Ransomware attacks rose 250% from 2016 to 2017 and caused an estimated $1 Billion in damage
Kaspersky

$1077

$1,077 is the average amount demanded by a ransomware attacker
Symantec Report

More than 4,000 ransomware attacks occur every day
FBI

Missing Patches / Outdated Software

E Logo

Failure to patch a 2 month old bug led to the massive Equifax breach
Ars Technica

Over 80% of breaches are the result of poor patch management
Voke, Inc.

Advanced Persistent Threat

What is an APT?

An Advanced Persistent Threat (APT) is an attack where various sophisticated techniques are employed to gain access to a network Attacks are performed by well organized and funded groups Once access is gained, attackers take sophisticated measures to avoid detection, perform reconnaissance of the environment, and then execute the primary objective Many times, the primary objective is to gather sensitive data, and then to extract that data

Beginning March 2016, Russian government cyber actors (known as Dragonfly) attacked US energy and other critical infrastructure sectors
Symantec, US-CERT

On June 4, 2015, US Government officials announced a breach of data at the Office of Personnel Management (OPM) by Chinese threat actors known as Deep Panda
SANS Institute

DDoS

In 2017, DDoS attacks increased 91% between Q1 and Q3
Corero Network Security

Password Issues

39% of people write their passwords on a piece of paper
Digital Guardian

61% of people re-use passwords across multiple websites
Digital Guardian

47% of people use passwords that are over 5 years old
TeleSign Consumer Account Security Report

Credential Theft or Misuse

49% of the time, attackers gain access to a system because they have stolen credentials
FireEye

63% of network intrusions are due to compromised user credentials
Microsoft

20% of organizations have experienced data breaches by ex-employees
OneLogin

Privilege Escalation

What is Privilege Escalation?

Privilege escalation is when an malicious program or user gains elevated access a protected area by either exploiting a bug, design flaw, or configuration oversight within an operating system or pieces of software

Forrester estimates that 80% of security breaches involve privileged credentials
Forrester Wave: Privilege Identity Management

Social Engineering

38% of attackers bypass defenses through social engineering
SANS Survey

48% of attacks occur through user error
SANS 2016 Threat Landscape Survey

58% of attacks on financial services organizations where from insiders who were either duped or bribed by outside actors
IBM

88% of IT professionals consider security awareness training to be the most effective protection against ransomware
KnowBe4 Survey

Unknown Software Vulnerabilities (Zero Day)

Fewer than 1% of vulnerabilities are classified as zero day, so 99% of vulnerabilities are known and should be patched ASAP
Symantec

There are about 27 different techniques that hackers can use to exploit any vulnerability in any product
ISMG interview of Dan Schiappa

Drive-by Downloads

What is a Drive-by Download?

Drive-by downloads are viruses or malware that a user unintentionally downloads while browsing online

The top 3 browsers (IE, Chrome and Firefox) had 1,004 vulnerabilities in 2015 and 2016
CVEdetails.com

Cybersecurity in the News

Navigating M365 Security: Insights from Our 4-Part Immersion Training

Navigating M365 Security: Insights from Our 4-Part Immersion Training

The highly anticipated and well-attended M365 Security Immersion Training event explored the nuances of Microsoft 365 (M365) security. Led by seasoned experts and M365-certified security administrator associates, this series offered critical insights into Conditional Access Policies, Azure/Entra ID tenant configurations, and the transformative role of Artificial Intelligence (AI) in community banking. For those bankers eager […]

Read more
Navigating the Rising Threats to ATM Security

Navigating the Rising Threats to ATM Security

ATM crimes are not only a monetary threat to financial institutions but also a reputational one, demanding continuous innovation in ATM security both physically and cybernetically. Evolution of ATM Threats The journey of ATM security challenges can be traced back to the initial invention and networking efforts by Lloyd Bank in the late 1960s and […]

Read more
Elevate Your M365 Security Game: Tips from Our Certified Pros!

Elevate Your M365 Security Game: Tips from Our Certified Pros!

In a recent webinar, our M365-certified security administrators provided an in-depth look at various Microsoft 365 building blocks such as security configurations, features, and policies. The session also covered the significance of secure email protocols, data protection, and the continuous evolution of cloud security technologies. This blog highlights several key security features and best practices […]

Read more
Secure Our World: Join Us in Celebrating Cybersecurity Awareness Month

Secure Our World: Join Us in Celebrating Cybersecurity Awareness Month

Cybersecurity Awareness Month, held annually in October, is a vital international initiative designed to raise awareness about the importance of being safe and secure online. This year’s theme, “Secure Our World,” continues from 2023 and highlights simple yet effective ways for individuals, families, and businesses to protect themselves from cyber threats. The Cybersecurity and Infrastructure […]

Read more
© 2025 UFS and Safe Systems are now the same company. Safe Systems is a registered trademark in the US. All rights reserved. Privacy Policy