When a Single Compromised Login Becomes a System-Wide Risk in Financial Services

Security in the financial services industry is often seen as complex because of the firewalls, encryption, and monitoring software in place. However, the biggest weak point for financial services is often simply an end user with a compromised login. A credential lapse can escalate to full exposure of someone's sensitive financial information.

The Hightower Holding, LLC data breach reinforced this point when it turned out that the unauthorized access originated from a compromised credential. Although incidents like this involve many technical specifics, the pattern is increasingly the same throughout the financial services industry.

Financial institutions today work in highly interconnected environments where employees, consultants, and third-party partners frequently work together in shared systems and exchange sensitive information, including client identification information and financial planning records. Systems are naturally designed to let these groups work together as efficiently as possible. As a result, the more widely credentials are made available, the greater the number of people who could potentially access them, including people who previously would never have been able to.

Credential-based attacks work well because they circumvent many traditional defenses. Traditional malware and brute-force attempts to access a network typically generate alerts. However, when a user logs on to a system with valid credentials, the login may not trigger a security response even though the activity is unauthorized.

With the growing popularity of cloud-based platforms and remote access, credential-based attacks have more opportunity to occur: many financial services professionals log in from many different devices and locations, which increases the likelihood that an unauthorized user gains access to the organization's data. In the absence of strong authentication measures, such as multifactor authentication (MFA), or behavioural monitoring of users, the access points created by logins from numerous devices and locations give unauthorized users many opportunities to reach sensitive data.
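An added illustration (not from the original article) of why a valid-credential login slips past a failure-count rule yet stands out against the user's own behavioural baseline. The event fields, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs): time, user, device id, country, MFA used, result.
EVENTS = [
    ("2024-03-01T08:02", "advisor1", "dev-A", "US", True,  "success"),
    ("2024-03-02T08:05", "advisor1", "dev-A", "US", True,  "success"),
    ("2024-03-03T09:10", "advisor1", "dev-B", "US", True,  "success"),  # new phone, MFA passed
    ("2024-03-04T02:41", "advisor1", "dev-X", "NZ", False, "success"),  # valid password, nothing familiar
    ("2024-03-04T08:01", "advisor1", "dev-A", "US", True,  "success"),
    ("2024-03-04T10:00", "analyst2", "dev-C", "US", True,  "failure"),
    ("2024-03-04T10:01", "analyst2", "dev-C", "US", True,  "success"),
]

def failed_login_alerts(events, threshold=5):
    """Traditional rule: alert on users with many failed logins (brute force)."""
    fails = defaultdict(int)
    for _, user, _, _, _, result in events:
        if result == "failure":
            fails[user] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)

def behavioural_alerts(events, min_history=2):
    """Flag successful logins that deviate from the user's own baseline."""
    seen_devices, seen_countries = defaultdict(set), defaultdict(set)
    history = defaultdict(int)
    alerts = []
    for ts, user, device, country, mfa, result in sorted(events):
        if result != "success":
            continue
        reasons = []
        if history[user] >= min_history:  # only judge users with a baseline
            new_dev = device not in seen_devices[user]
            new_loc = country not in seen_countries[user]
            if new_dev and new_loc:
                reasons.append("new device and new country")
            if new_dev and not mfa:
                reasons.append("new device without MFA")
        if reasons:
            alerts.append((ts, user, reasons))
        else:
            # Only unflagged logins extend the baseline, so a flagged
            # session cannot "teach" the model that it is normal.
            seen_devices[user].add(device)
            seen_countries[user].add(country)
            history[user] += 1
    return alerts
```

On the sample data the failure-count rule returns nothing, while the baseline check flags only the 02:41 login; the new-phone login that passed MFA from a known country is accepted into the baseline.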

The aggregated nature of the sensitive data held by financial institutions (for example, highly structured datasets that contain identity information, financial history, and possibly tax and related items) increases both its value and the risk of exposure if it is compromised through a credential-based attack.

Many of today's attacks rely on obtaining credentials to perform their malicious acts. The few traditional malware and brute-force attacks still used to access a network generate alerts, but when a system is accessed with a legitimate user's valid credentials, typically no security response is generated, even though the activity being performed is not authorized.

Because of the growth in cloud-based services and remote access to them, and because more users reach those services from multiple devices and locations, credential-based attacks have numerous opportunities to succeed; that is, an unauthorized party has numerous opportunities to obtain access to the data held by a financial services organisation. Without sufficient authentication methods (e.g. MFA) and/or behavioural monitoring of users, the large number of access points created by millions of users logging in to their accounts from multiple devices and locations presents many opportunities for unauthorized persons to compromise or gain access to the organisation's sensitive data.

Additionally, the large number of financial institutions that hold such vast amounts of sensitive data (structured datasets that contain identity information, transaction history, tax information and other related information) increases both the value of that data and the exposure risk if it is compromised; the impact of a successful credential-based attack will be significant.

The possible consequences for you as an individual are not insignificant: exposure of just one set of data can put you at risk of identity theft, lead to fraudulent charges on your credit card or other forms of financial fraud, or expose you to long-term privacy risks. It is important to protect yourself by monitoring your financial accounts regularly, using strong and unique passwords, and adding additional security measures as necessary to reduce your personal risk.

As current financial systems evolve, so too do the means to compromise them. The lesson is clear: in an environment where access is everything, credential management is not simply a basic precaution; it is an integral part of a secure system.