Cybersecurity for financial industry

Cybersecurity for financial industry

Finance is a lucrative target for cyberattacks

Only around seven percent of the study respondents stated that they had not been the victim of a cyberattack in the last twelve months. At 76 percent, the majority of respondents recorded between one and 20 successful attacks. One in 10 financial institutions (11 percent) had to contend with 21 to 50 attacks, and about four percent had even experienced more than 50. Credential theft is reported by 51 percent of respondents - particularly through social engineering attacks such as phishing. In third place among the most frequent attack scenarios is ransomware with almost 39 percent, followed by insider threats with 38 percent and attacks on databases (for example, via brute force attacks) with 37 percent.

No other target is more lucrative for cybercriminals than banks and insurance companies. The reason is obvious: There is a lot of data and money to be captured - in other words, exactly what attackers are after most. The BKA situation report "Cybercrime" also confirms this development: Critical infrastructures, i.e. also banks and insurance companies, were particularly targeted by attackers last year.

What can the finance and insurance industry do to counter this growing threat?

The fact is, however, that banks are not sufficiently prepared for cyberattacks. Despite high standards, the financial sector has a massive backlog in IT security. The most frequent cause of attacks is human error: seven out of ten financial companies have become victims of cybercrime by mishandling email attachments. Striking in comparison to other critical infrastructure sectors: Many companies in the financial sector do not implement either technical or organizational measures to protect against email-based threats.

Endpoint security: virtual browser as protection against attacks from the internet

The browser is the number one gateway for ransomware and other malware. The best protection against such attacks from the Internet is a virtual browser. This allows users to surf the Internet without hackers gaining access to government or corporate networks. R&S® Browser in the Box from Rohde & Schwarz Cybersecurity, for example, closes the "Internet" security gap by enabling a "digital" quarantine for hacker attacks. At the computer level, complete isolation takes place so that malware is kept away from the rest of the user's PC. In addition, at the network level, access to the Internet is separated from the intranet. The internal corporate network (intranet) is thus completely separated from the Internet. This mechanism also protects against attacks via e-mail attachments or during web conferences with microphone use and webcam support.

In addition, further protective measures should be taken - for example, encryption of the end devices, a highly secure VPN connection and securing the home WLAN.

Mobile security: R&S®ComSec solution using Apple indigo for smartphones and tablets

Combines convenient and secure working with sensitive data

The R&S®ComSec solution using Apple indigo combines convenient and secure working with sensitive data on smartphones and tablets in accordance with the VS-NfD standard, making every day work easier for users in government and security-critical environments.

BSI has examined the general security features and confirmed the effectiveness of the embedded security features

The BSI has examined the general security features and the possibilities for the secure use of the devices for the iOS and iPadOS operating systems. The tests have confirmed the effectiveness of the embedded security features and concluded that the apps for Calendar, Contacts, and Mail integrated into commercial iPhone and iPad devices also complement the existing portfolio of secure mobile solutions when processing information in the classification level “Verschlusssache - nur für den Dienstgebrauch.”

The evaluation was performed by an independent laboratory and BSI, on the basis of the standards and methodology of the internationally recognized Common Criteria. The solution is known as Apple indigo.

R&S®ComSec solution using iOS native devices in government operation

Apple indigo which stands for “iOS Native Devices in Government Operation” and is a convenient and secure solution developed by Apple for iPhones and iPads in government use. This platform enables the use of end devices up to classification level VS-NfD and offers advantages such as the use of standard Apple hardware and software as well as native apps.

If you have any further questions, please contact us.

R&S Cybersecurity and agilimo Consulting

Security specialists R&S Cybersecurity and agilimo Consulting

A specialized and competent team for the protection of sensitive data - IT Security Made in Germany

agilimo Consulting operates a German Security Operations Center and implements solutions for cybersecurity, cyber defense and mobile, highly secure working in accordance with the VS-NfD standard. More than two decades of experience in projects of national and international organizations ensure sustainable, secure and high-performance cooperation. Together with Rohde & Schwarz Cybersecurity, the R&S®ComSec solution has been realized.

Your monthly cybersecurity update

Your monthly cybersecurity update

Contact us

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Permiso de marketing

Deseo recibir información de Rohde & Schwarz por

Deseo recibir información de marketing o publicidad (p. ej. sobre ofertas especiales y promociones de descuentos) de Rohde & Schwarz GmbH & Co. KG y la entidad o compañía filial de Rohde & Schwarz indicada en la Información legal de este sitio web por correo electrónico o postal. Encontrará información adicional sobre el uso de los datos personales y el procedimiento de retirada en la Declaración de privacidad y la Autorización de marketing.

Se ha enviado su solicitud. Nos pondremos en contacto con usted lo antes posible.
An error is occurred, please try it again later.