The finance industry continues to be a prime target for cybercriminals, with Kaspersky warning that the sector faces greater harm from online fraud than any other as scammers employ increasingly sophisticated method to access customers’ personal data, take over accounts, open new ones, and even apply for credit, leading to significant financial losses.
Fraudsters often exploit compromised accounts to make purchases on credit, create money mules, and even launder money, a Kaspersky research reveals. Despite these risks, 82% of users report that they do not switch online banking providers due to the convenience of banking apps, while 95% remain confident in the security of their personal data.
Kaspersky’s findings align with those from IBM, which found that the lucrative gains from funds and valuable data held by financial institutions have made the financial services sector a top target for cybercriminals. According to the IBM X-Force Threat Intelligence Index 2024 report, the finance and insurance sector was the most attacked industry from 2018 to 2020 and ranked second from 2021 to 2023, showcasing the sector has consistently been one of the top targets for cyber threats over the years.
These cybercrimes are costing the industry significant amounts of money. According to the IMF’s Global Financial Stability Report, nearly one-fifth of reported cyber incidents over the past two decades have impacted the global financial sector, resulting in direct losses of US$12 billion. Since 2020 alone, these losses have totaled an alarming US$2.5 billion.
The Philippines emerges as key target
Across Southeast Asia, the Philippines has emerged as a key target for cybercriminals. In 2023, the country recorded the highest number of financial-related phishing attempts on business devices with 163,279 incidents, Kaspersky reported. Financial phishing refers to fraudulent resources related to banking, payment systems, and digital shops.
To address rising cyber threats in the sector, the Bangko Sentral ng Pilipinas (BSP) introduced in August 2024 a framework to bolster cyber resilience in the financial services sector.
The 2024-2029 Financial Services Cyber Resilience Plan (FSCRP) focuses on establishing clear, coordinated incident response protocols, promoting active collaboration, fostering a strong cybersecurity culture, and implementing comprehensive best practices and standards. Key initiatives include creating baseline incident response plans, developing scenario-based playbooks, and conducting industry-wide cyber testing.
The FSCRP aligns with the National Cybersecurity Plan (NCSP) 2023-2028. Crafted by the Department of Information and Communications Technology (DICT) and adopted in April 2024, the NCSP 2023-2028 is designed as a “whole-of-nation” strategy for the integrated development of the Philippines’ cybersecurity infrastructure.
The growing cyber threat landscape
In 2023, more than two-thirds (68%) of companies in the Philippines experienced at least one cybersecurity incident, due mostly to phishing, web attacks, and business email compromise, a study by Cloudflare showed.
These incidents proved costly for organizations in the Philippines, with 38% of respondents indicating that they incurred a financial impact of at least US$1 million from cybersecurity incidents over the 12 months before the survey.
Respondents also cited reputational damage, loss of the data/intellectual property, and loss of customers as the biggest impact felt by their organizations outside of financial loss.
The threat continued to intensify in 2024. In Q1 2024, the Philippines faced an alarming average of five billion cyberattacks per day, an increase of 28% compared to the 3.9 billion daily attacks reported in Q4 2023, according to Cloudflare.
Featured image credit: edited from freepik