When CSI polled banks about their most significant concern for 2021, the answer was cybersecurity at 34%, by far the largest response. This poll was taken before the SolarWinds hack. Coming in second and third were meeting customer expectations (20%) and regulatory change (17%).
Going full virtual in 2020 was not an easy road for banks and especially credit unions. Many credit unions simply didn't have the infrastructure to handle remote work and 100% online ecommerce due to branches being completely shutdown. If those hurdles weren't enough, the looming and ever-present thread of a cyber hack or ransomware attack are potential threats that the financial industry needs to brace for.
Throughout 2020 and so far in 2021, the financial industry has been largely unscathed by hacks and ransomware attacks that have occurred. According to a Deloitte & Touche LLP survey, that may be due to the increased spending on Cybersecurity, which jumped 15% in 2020, according to a Deloitte & Touche LLP survey. Part of that was due to the obvious — forced remote work and customer service.
It's been a while since there has been a major hack on a bank. In 2014, JPMorgan Chase & Co. was the subject of the largest known cyberattack against a U.S. bank at the time. In 2019, Capital One Financial Corp. was hacked, exposing the personal financial information of more than 100 million Americans. The bank agreed to pay $80 million.
Banks don't see direct attacks on their infrastructure as their biggest cybersecurity concern. Instead, they see various forms of social engineering as the largest threat, including customer and employee-targeted phishing. This type of phishing can come in the form of email impersonations, which seek to gather employee and customer information.
Cyber social engineering is certainly a valid concern. With so many employees working from home, the same level of cybersecurity infrastructure as they had in the office isn't available in the home office.