
Four takeaways for cloud practitioners from the Finastra breach


COMMENTARY: The financial sector has long been a top target for hackers. Banks, insurance companies, and fintech firms manage enormous volumes of sensitive data, including customer information, payment details, and high-value transactions, making them highly attractive to cybercriminals.

In 2024, these attacks have grown more sophisticated, frequently leveraging a combination of ransomware, data exfiltration, and phishing to cause significant harm.

Recent incidents highlight the critical stakes for the financial sector. Earlier this year, the MOVEit file transfer vulnerability was exploited, compromising confidential client data at multiple financial institutions. Similarly, cyberattacks on payment processing platforms and ransomware campaigns targeting regional banks have resulted in billions of dollars in losses, including operational downtime, ransom payments, and regulatory fines.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

These breaches damage a company’s reputation and also bring intense regulatory scrutiny to financial institutions. Non-compliance with data protection regulations like GDPR, CCPA, and PCI-DSS can result in hefty fines, often amounting to millions of dollars. Additionally, the repercussions are increasingly personal, with board members and executives being held accountable for shortcomings in cybersecurity practices.

In November 2024, Finastra, one of the world’s largest financial technology providers, reported a breach involving its internally hosted file transfer platform. Cybercriminals allegedly exfiltrated more than 400 gigabytes of sensitive data, including financial instructions for bank and wire transfers. This stolen data was subsequently discovered for sale on dark web forums.

Finastra serves more than 8,000 financial institutions worldwide, including 45 of the top 50 banks. This breach underscores the pivotal role fintech providers play in global financial operations—and the substantial risks they face. While the incident occurred outside a cloud environment, it offers valuable lessons for cloud practitioners. It highlights the vulnerabilities of file transfer systems, the necessity of robust access controls, and the importance of proactive monitoring, regardless of whether the infrastructure runs on-premises or in the cloud.

The Finastra breach, though originating in an on-premises system, carries important lessons for cloud practitioners:

  • Hybrid environments are common: Many organizations, including financial firms, operate in hybrid environments where cloud and on-premises systems coexist. Weaknesses in one environment can easily compromise the other, especially when file transfers or APIs connect the two.
  • Visibility into data flow has become critical: Comprehensive visibility into data flows is essential, whether data resides in the cloud or on-premises. The Finastra breach highlights the importance of tracking and protecting sensitive data across all environments to prevent unauthorized access.
  • File transfer systems are prime targets: Whether hosted in the cloud or on-prem, file transfer platforms are a frequent target for cybercriminals. The vulnerabilities exposed in this breach are a reminder to rigorously assess the security of all file transfer systems, regardless of where they are deployed.
  • Cloud environments are not immune: Although this breach didn’t involve the cloud, it illustrates how attackers exploit misconfigurations and vulnerabilities to access high-value data. Cloud systems face similar risks if they are not adequately secured, making this a cautionary tale for all environments.

Security leaders must embrace continuous learning, challenge assumptions, and strengthen defense strategies. The insights from the Finastra breach extend beyond cloud security, offering lessons that enhance overall cybersecurity resilience. Here are four important takeaways for cloud practitioners and the broader security community:

  • Implement zero-trust architectures: The breach underscores the necessity of a zero-trust security model. Assume all users, systems, and connections are potentially compromised, and enforce strict access verification for every data interaction. In cloud environments, this involves robust IAM policies, multi-factor authentication (MFA), and role-based access controls to limit access to sensitive resources.
  • Monitor and encrypt data in transit and at rest: Security teams must encrypt sensitive data, whether it’s stored or in transit. Cloud practitioners should leverage native encryption tools offered by cloud platforms and conduct regular audits to ensure configurations align with security best practices.
  • Secure APIs and file transfer mechanisms: APIs and file transfer systems are frequent attack vectors. In cloud environments, practitioners must validate API configurations, apply rate limiting, and scan for vulnerabilities regularly. Modern file transfer solutions should include encryption, detailed auditing, and anomaly detection to quickly flag unauthorized access attempts.
  • Adopt proactive threat hunting: Continuous monitoring and threat detection are critical. Leveraging AI-driven tools, such as anomaly detection and behavior analytics, allows for early breach detection and minimizes the window of exploitation. Cloud-native tools such as AWS GuardDuty or Azure Defender for Cloud offer powerful capabilities to proactively identify and mitigate threats.
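One way to give a file transfer platform the volume and behaviour anomaly detection the last two takeaways call for, as an added example written for this commentary (not code from the original article, from Finastra, or from any named product). It assumes a constructed JSON-lines audit log with `ts`, `user`, `action`, `bytes` and `src_ip` fields and flags two signals a bulk exfiltration tends to leave: a day whose download volume dwarfs the account's own baseline, and a download from a source address the account has never used.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed audit records from a hypothetical file-transfer platform, one JSON object per line.
# Three days of routine downloads by a service account, then a bulk pull from an unfamiliar address.
SAMPLE_LOG = """
{"ts": "2024-11-01T09:12:00Z", "user": "ops-svc", "action": "download", "bytes": 52428800, "src_ip": "10.20.0.5"}
{"ts": "2024-11-02T09:15:00Z", "user": "ops-svc", "action": "download", "bytes": 47185920, "src_ip": "10.20.0.5"}
{"ts": "2024-11-03T09:10:00Z", "user": "ops-svc", "action": "download", "bytes": 55574528, "src_ip": "10.20.0.5"}
{"ts": "2024-11-04T02:41:00Z", "user": "ops-svc", "action": "download", "bytes": 214748364800, "src_ip": "198.51.100.23"}
{"ts": "2024-11-04T03:05:00Z", "user": "ops-svc", "action": "download", "bytes": 214748364800, "src_ip": "198.51.100.23"}
{"ts": "2024-11-04T10:00:00Z", "user": "analyst", "action": "upload", "bytes": 1048576, "src_ip": "10.20.0.9"}
{"ts": "2024-11-04T10:30:00Z", "user": "analyst", "action": "download", "bytes": 2097152, "src_ip": "10.20.0.9"}
"""

def parse_log(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def find_anomalies(records, factor=10, min_history=3):
    """Return alerts for (a) a user's daily download volume exceeding `factor` times that
    user's median daily volume over at least `min_history` earlier days, and (b) a download
    from a source IP the user has never been seen using before."""
    records = sorted(records, key=lambda r: r["ts"])
    daily = defaultdict(lambda: defaultdict(int))   # user -> day -> bytes downloaded
    seen_ips = defaultdict(set)                     # user -> source IPs observed so far
    alerts = []
    for r in records:
        if r["action"] != "download":
            continue
        user, day = r["user"], r["ts"][:10]
        if seen_ips[user] and r["src_ip"] not in seen_ips[user]:
            alerts.append({"user": user, "day": day, "reason": "new_src_ip", "src_ip": r["src_ip"]})
        seen_ips[user].add(r["src_ip"])
        daily[user][day] += r["bytes"]
    for user, days in daily.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]   # baseline is only the days before this one
            if len(history) >= min_history and days[day] > factor * median(history):
                alerts.append({"user": user, "day": day, "reason": "volume",
                               "bytes": days[day], "baseline": median(history)})
    return alerts

if __name__ == "__main__":
    for a in find_anomalies(parse_log(SAMPLE_LOG)):
        print(a)
```

On the constructed log this raises two alerts for `ops-svc` on 2024-11-04 (a never-before-seen source address, then a daily volume thousands of times its median), while the `analyst` account, which has too little history for a baseline, stays quiet.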

The financial sector’s vulnerability to cyberattacks, combined with escalating regulatory demands, underscores the critical need for robust cybersecurity measures. The Finastra breach serves as a stark reminder for cloud practitioners of the importance of securing data flows, enforcing zero-trust principles, and proactively monitoring for potential threats.

Now that cloud adoption has accelerated across industries, it’s more important than ever to integrate these lessons into security strategies. By doing so, organizations can reduce the risk of data breaches, protect sensitive information, and uphold customer trust in an ever-evolving and increasingly hostile cyber landscape.

Shira Shamban, co-founder and CEO, Solvo



Shira Shamban, co-founder and CEO at Solvo, a software company focused on automating cloud and data security, started her career in security as a military officer in Israel’s intelligence Unit 8200. Specializing in cloud security, Shira works to empower women and underrepresented groups in technology, volunteering as a lecturer and mentor for organizations such as SheCodes, Cyber Ladies, and Women in AppSec. She also spearheaded the local mentoring initiative Security Diva and holds the position of co-chair at OWASP Israel.

LinkedIn: https://www.linkedin.com/in/shira-shamban/

Twitter: https://twitter.com/ShambanIT
