Malware Attacks Targeting Smaller Financial Institutions.
Credit unions and banks with less than $35 million accounted for 81% of hacking and malware breaches at financial institutions in 2016, a 54% increase over industry incidents in 2015.
New York City-based data breach response insurance firm Beazley in its "Beazley Breach Insights - July 2016" findings noted a sharp increase in hacking and malware attacks on financial institutions in the first six months of 2016, particularly those aimed at small banks and credit unions. The study, based on its response to client data breaches in the first six months of 2016, also found a consistent level of hacks in the healthcare, higher education and retail sectors compared to 2015.
During the first half of 2016, Beazley Breach Response Services unit managed 955 data breaches on behalf of clients, compared to 611 breaches during the same period last year. Financial institutions incurred 139 of these breaches, with breaches sparked by hacking and malware attacks being particularly common at institutions with revenues below $35 million.
Financial institutions reported a sharp increase in hacking and malware as a proportion of total breaches. In 2015, hacking and malware attacks accounted for 27% of the breaches Beazley handled for financial institutions. In the first half of this year, that climbed to 43%.
The report also revealed the proportion of data breaches originating from hacking and malware attacks in 2016's first six months across all industries stood at 31%, close to the 32% observed through midyear in 2015.
Higher education institutions continued to see a high proportion of breaches due to hacking or malware, with these accounting for 46% of industry breaches in the first half of 2015, up from 35% in 2015.
Within healthcare organizations, an industry that shares copious personal information, breaches caused by unintended disclosure represented 42% of all industry incidents in 2016 to date, a considerable rise from 30% in 2015. In the first half of 2016, hacking or malware caused 17% of healthcare breaches, down from 27% in 2015.
The rate of hacking and malware in the retail industry remained high, accounting for 49% of all retail data breaches handled by BBR Services in 2016, compared to 55% in 2015.
Ransomware attacks also continue to increase, with twice as many attacks in the first six months of 2016 (86) than Beazley handled in all of 2015 (43).
"The persistent high levels of hacking and malware attacks are a reminder that all organizations in all industries need to have plans ready to respond when a breach occurs," Katherine Keefe, global head of BBR Services, said. "The large increase we've observed in hacks aimed at financial institutions is noteworthy. Smaller banks and credit unions that typically have fewer defenses against these breaches are becoming bigger targets and need to be prepared."
Keefe recommended that financial institutions bolster their technology defenses as well as the training afforded to employees on cybersecurity and threat awareness. "There is a lot they can do to protect themselves," she said, "but the sobering reality is that not every breach can be prevented and businesses, including financial institutions, should have robust plans for managing breaches should they occur."
Join us in Dallas at the new Credit Union Times Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security. This two-day conference is designed for credit union executives, board of directors and those responsible for your credit unions cyber security policy. Register to attend and save $150.