Navigating Cyber 2022

This is a thematic summary of the FS-ISAC Global Intelligence Office’s in-depth report of cyber trends in 2021 and predictions for 2022.

The full report is only available to member financial institutions via the FS-ISAC Intelligence Exchange.

FS-ISAC membership is exclusive to financial institutions headquartered in eligible countries. FS-ISAC’s full suite of intelligence products is solely available to members who are directly connected to FS-ISAC Intelligence Exchange.

As cybersecurity becomes a more pressing issue, the quality of cyber intelligence you receive is paramount. FS-ISAC is the only global cyber intelligence sharing community solely focused on financial services. Make sure you get your cyber intelligence from reputable sources.

Executive Summary

The rapid digitization of financial services, which accelerated with the pandemic, has led to an increase in global cyber threats. FS-ISAC’s Regional Cyber Threat Levels (CTL) were raised from GUARDED to ELEVATED three times during 2021. In the past five years, CTL escalations – typically only one per year – were due to major world events like the COVID-19 outbreak and geopolitical tensions. However, a string of high-profile cyber attacks and critical zero-day vulnerabilities caused an unprecedented three escalations because of the ubiquity of the affected parties within the financial sector’s supply chain.

Third-party attacks pose significant risks to the financial industry due to our reliance on a myriad of providers and suppliers. Financial institutions typically enjoy a higher security posture than other sectors, with more mature cybersecurity and intelligence programs. Truly impactful cybersecurity incidents within the sector are therefore relatively rare. However, several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms, with resulting resources expended on assessing exposure, patching, and additional mitigations, as well as increased compliance mandates for third-party operational resilience.

Zero-day vulnerability exploits are increasing due to the increasing attack surface caused by digitization of the sector. The other key factor is the diversification of the kill chain, where criminals specialize in different stages of cyber crime – such as selling malware, access, code, and tech support. It is easy to simply buy(or sell) access to vulnerabilities without needing to know how to find them, resulting in a flourishing market.