Three quarters of finance firms report rise in cyberattacks since COVID-19 outbreak
Three quarters (74%) of UK finance firms have reported an increase in cybercrime since the beginning of the coronavirus pandemic, according to a new report by the cyber and intelligence arm of BAE Systems.
The report conducted by the UK’s largest defence contractor found that more than 400 UK banks and insurers also suffered from a rise in digital crime leading to average losses of £600,000.
The 902 organisations in the financial services sector who were surveyed warned of soaring rates of botnet, ransomware and phishing attacks as well as Covid-related fraud.
Almost half of the firms surveyed reported a rise in financial losses over the past 12 months as a result, costing each organisation £575,915 on average, BAE found. Some lost nearly £3.4 million per data breach.
Police forces in England, Wales and Northern Ireland recorded more than 6,000 cases of Covid-related fraud and cybercrime during the pandemic. Action Fraud, the national reporting centre for fraud and cybercrime, said £34.5m had been stolen since March last year.
Adrian Nish, head of cybertechnical services at BAE Systems Applied Intelligence, said: “Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victims’ ability to respond to attacks.”
The cybertechnical unit cited evidence of “clear collaboration” between different organised crime groups that was driving the increasing sophistication of the threats. Some were said to be backed by foreign states.
About 43% of firms also said that employees working from home had “harmed institutional security” as it had made potential holes in their network or made infrastructure less visible.
Mr Nish added: “Fraudsters and cybercriminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.”
However, the survey also found that IT security, cybercrime, fraud or risk department budgets had been cut by 27% over the same period. The cut almost mirrors the 32% increase in criminal activity detected by financial firms.
At the same time, UK consumers are also being harmed, with a fifth of banks and insurers saying they are no longer confident they can protect their customers.
A survey of more than 1,000 British consumers carried out by BAE Systems found that 27% had been sent an email hoax relating to Covid-19, with 20% also being targeted by text or SMS.
Even when refunded, the average amount of money stolen by cyber criminals from customers was £866. A total of 23% of respondents said they had bought a product from a fraudulent site in the past 12 months and never received their goods.
Nish warned: “We’re noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organised crime. Fraudsters and cyber criminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.”
Nish said: “Given the hunger for information about Covid-19, people are more willing to click on links or attachments that they perhaps may have otherwise been more wary of.”