4 Security Threats to the Lending Industry for 2020


JP Morgan Chase CEO Jamie Dimon stated in 2019 that “the threat of cybersecurity may very well be the biggest threat to the U.S. financial system.” He went on to say that his company dedicates 3,000 people and $600 million to cybersecurity each year. And there’s good reason for this.

By the end of 2018, the IBM X-Force Threat Intelligence Index reported that the insurance and financial sector was “the most-attacked industry” for three years running. Despite making attempts to remain secure, the lending industry is under attack because hackers see it as a rich source of vulnerable data and easy cash.

If your business isn’t prepared to face these threats in the coming years, the results could be financially devastating for you and your clients. Here are four of the top security threats that the lending industry faces for 2020.

1. Ransomware Targeting the Cloud

Ransomware continues to be a billion-dollar industry for hackers, and the financial sector is a prime target. In 2020, look for ransomware to shift its focus to the cloud. Until now, this type of threat has left the cloud virtually untouched, but more businesses, including lenders, have moved their servers here.

If you are using the cloud, it’s time to take a closer look at your security. Make sure you are using advanced malware protection. Have your provider outline the resources used to secure virtual environments and S3 buckets.

2. Phishing and Stolen Credentials

Verizon’s 2019 Data Breach Investigations Report found that roughly 10% of breaches stemmed from the financial services industry. And some of the most prolific attack methods involved phishing and stolen credentials. Hackers are using phishing through email or social engineering to “trick” users and employees into handing over their credentials.

One of the best ways to combat this type of threat is by requiring two-factor authentication (2FA) for all access by both customers and employees. That way, if a hacker does get login credentials, they won’t gain access without the second half of the equation.


3. Web Application Attacks

Lenders use any number of web applications ranging from online calculators to Google docs to web-based platforms for financial recordkeeping. These are all vulnerable to attack, whether from forwards to SQL injections or unvalidated redirects.

Lenders can safeguard against some of these attacks by using an intelligent Web Application Firewall (WAF) alongside a behavioral firewall that will block cross-site scripting (XSS) attacks. Businesses should also frequently audit databases to identify vulnerabilities. Further, lenders must make sure that web applications are trustworthy and that they are using the latest and most secure versions.

4. Threats from Within

Believe it or not, up to 60% of cyberattacks originate from inside the company - whether intentional or not. In some cases, a disgruntled or poorly-compensated analyst may conclude that it’s more lucrative to sell customer data to hackers. In other cases, human error or vulnerabilities in the system lead to costly data breaches.

You can protect your company’s data by putting more internal controls on your systems. Create a culture that values employees as well as customers and their data. It’s also a good idea to limit what leaves the physical work perimeter as far as taking work home since this can present a cybersecurity weak point.

Cybersecurity threats in the financial services sector remain prolific and aren't expected to abate any time soon. When damage occurs, it can be substantial and irreversible. With so much at stake for brands and consumers alike, lenders must address these emerging issues head-on and create robust defensive measures to prevent trouble down the road.