Cybercriminals took advantage of WFH to target financial services companies, say financial bods

Home Wi-Fi was an obvious target, but evildoers also knew to probe cloudy connections


Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the international Financial Stability Board (FSB) on Tuesday.

Established after the G20 London summit in April 2009, the FSB makes recommendations about the global financial system and coordinates financial rules for the G20 group of nations in a non-binding way.

“Working from home (WFH) arrangements propelled the adoption of new technologies and accelerated digitalization in financial services,” the report states.

Workers at home were targeted with phishing, malware and ransomware. These crimes grew from fewer than 5000 per week to more than 200,000 per week between February 2020 and April 2021.

The report also states that greater reliance on virtual private networks and unsecured WiFi access points “posed new types of challenges in terms of patching and other cyber security issues” as IT departments struggled to secure remote workers.

The report said external suppliers also created cracks for crooks to exploit. As the document puts it:

While outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities.

Working from home isn’t going away. Analyst firm Gartner has predicted almost half of knowledge workers will be working remotely in 2022. Apple adopted a hybrid workplan, even for its retail team. And one in five Googlers have said no thanks to coming into the office, despite the lure of all the free snacks, nap rooms, the chance to work without children interrupting everything, and the chance to hear inspirational guest speakers.

The report also suggests the “new normal” for work and the world economy are far from settled:

Any analysis at this stage needs to bear in mind that the pandemic is not yet over and that its economic and financial impact has been greatly mitigated by bold policy actions.

FSB suggests institutions accordingly adjust their cyber risk management processes, incident reporting, response and recovery activities, and how they manage cloud and other third-party services.

The report [PDF] is a preliminary take on the pandemic’s impact on financial stability. A follow-up report to outline next steps is scheduled for October. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021