Financial institutions in APAC region face escalating cyber threats

Report unveils unique cyber challenges facing the region

Financial institutions in APAC region face escalating cyber threats

Cyber

By Roxanne Libatique

Akamai Technologies (Akamai) has reported that the Asia-Pacific (APAC) region has the highest median threat score globally for phishing attacks targeting financial institutions.

The data was outlined in Akamai’s State of the Internet report, Navigating the Rising Tide: Attack Trends in Financial Services, which also revealed that the financial services industry remains the most targeted sector for Layer 3 and Layer 4 distributed denial-of-service (DDoS) attacks.

DDoS attacks against financial institutions

For the second year in a row, financial services accounted for 34% of global DDoS attacks, followed by the gaming sector at 18% and the high-tech sector at 15%.

DDoS attacks target financial institutions due to the sensitive nature of their data and the high value of the transactions they handle. These attacks focus on overwhelming the network infrastructure, leading to service outages, customer dissatisfaction, and potential regulatory consequences.

Akamai’s report attributed much of the rise in these attacks to ongoing geopolitical tensions, citing the activities of hacker groups like REvil, BlackCat, and KillNet, particularly in connection with conflicts such as the Russia-Ukraine war and Israel-Hamas fighting.

Other cyber challenges facing financial institutions

Other notable insights from the report included the following:

  • Financial services experienced the highest level of brand impersonation, making up 36% of all suspicious sites tracked, ahead of commerce at 26%.
  • Phishing was the most common type of attack, accounting for 68% of counterfeit domains targeting the financial sector.
  • The report noted an increase in Layer 7 DDoS attacks aimed at applications through APIs, with unprotected shadow APIs identified as a significant vulnerability.
  • Attack frequency and intensity do not always align. Certain periods saw fewer attacks, but those that occurred showed large traffic spikes, indicating more severe threats during those times.

Commenting on the report’s findings, Steve Winterfeld, Akamai’s advisory CISO, warned that cybercrime presents serious risks to financial services, leading to widespread disruptions and economic damage.

Unique cyber challenges facing APAC and Japan

The report further highlighted the unique challenges facing the Asia-Pacific and Japan (APJ) region due to its rapidly expanding digital infrastructure.

Although phishing domains in the region are fewer than in other parts of the world, the region still ranked highest in terms of overall threat scores related to suspicious activity.

The report attributed this to the combination of fast digitalisation in banking and relatively low awareness of phishing risks, which leaves many consumers vulnerable. With high internet penetration and heavy social media usage, APJ is particularly susceptible to brand impersonation and phishing schemes.

Reuben Koh (pictured), director of security technology & strategy for APJ at Akamai, emphasised that financial institutions in the region must address the challenge of safeguarding assets while ensuring compliance and staying ahead of phishing and scam tactics.

“With financial services continuing to be the most targeted industry in APJ for web application and API cyberattacks, technology decision makers like chief information security officers must carefully decide where to automate, delegate, and outsource, ensuring scalable security solutions that not only defend assets but also preserve customer loyalty in an increasingly digital world,” he said.

Insurers and asset managers boost cybersecurity investments

In a related report, a survey conducted by Moody’s found that insurers and asset managers worldwide are increasing their investments in cybersecurity.

The survey, which included 110 firms, showed that cybersecurity spending rose by more than 50% between 2019 and 2023. The percentage of IT budgets dedicated to cybersecurity grew from 5% to 8% over the same period.

According to Moody’s, insurers and asset managers are adopting advanced security practices, including regular vulnerability assessments and comprehensive incident response plans.

Nearly all companies surveyed require cybersecurity evaluations of new vendors, and 91% of them conduct ongoing reviews to ensure that vendors remain compliant with security standards.

Additionally, the use of cloud services is expected to increase, with firms planning to reduce their on-premises IT infrastructure from 65% to 55% in the coming year. Currently, around 20% of their IT operations are hosted on public cloud platforms.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!