The Ongoing Financial War Between Providers and Hackers

0
Cyberthreats to the financial sector causing the industry to develop countermeasures for online transactions and more. (Image credit: 68219386 © Welcomia | Dreamstime.com)

Please welcome back Harper Lane. She is a frequent contributor to the 21st Century Tech Blog. Harper lives in the Birmingham area. She has been into technology for a very long time, as her writing contributions show. She says that she likes explaining complex concepts to readers.

For those of us who live online, relying on the medium to do our buying, banking and bill paying, some of the content described in Harper’s discussion of financial sector practices will be very familiar. All that layered security we navigate; all the usernames and passwords; and all the other “inconveniences” are because of cybercriminals. In 2025, a Kaspersky report noted more than one million online banking and financial transactions were threatened by credential theft, and that threat isn’t going away soon.   


There is an ongoing tug-of-war between those who design financial system security and hackers. The finance industry has long been a prime target for cybercriminals, and as digital transformation accelerates, the stakes continue to rise. Banks, investment firms, and payment processors now operate in a landscape where vast amounts of sensitive data move through interconnected systems every second. While these innovations enable faster transactions and improved customer experiences, they also create new vulnerabilities.

At the centre of this evolving environment is an ongoing battle: financial institutions striving to defend their systems while hackers continually adapt their tactics to exploit weaknesses. This has created a digital arms race, one where each advancement in defence is met with an equally responsive offence.

The Evolving Tactics of Financial Cyber Threats

Cybercriminals have become increasingly sophisticated in targeting the financial sector, often leveraging techniques such as phishing, a form of social engineering that tricks individuals into revealing sensitive information through deceptive emails or messages. How do these attacks happen? An employee may receive what appears to be an internal request from a supervisor asking for login credentials, when in reality, it is a carefully crafted attack.

Another method of attack involves malware.  Malware is software designed to infiltrate systems and extract data or disrupt operations. In a bank, malware could be embedded in an email attachment that, once opened, installs itself and begins monitoring keystrokes (capturing passwords and account details without immediate detection).

Lateral movement is another form of attack, with hackers navigating across networks once they penetrate the system. These attackers can gain access to low-level employee accounts and gradually escalate privileges, eventually reaching systems that control transaction processing or customer databases.

These layered approaches tend to unfold in stages, each one building on the success of the previous penetration.

Strengthening Defences with Advanced Security Systems

To counter evolving threats, financial institutions deploy comprehensive systems built around a cybersecurity platform. It integrates multiple layers of protection using a unified architecture.

  • Intrusion detection systems (IDS) can be used to monitor network traffic for suspicious activity. If an unusually high volume of login attempts occurs within a short period, IDS can flag it as a potential brute-force attack.
  • Behavioural analytics use machine learning (ML) to establish a baseline of normal user activity. If deviations occur, such as users accessing systems at unusual hours or from unfamiliar locations, the system generates alerts. Deployment can prevent fraudulent transactions by identifying anomalies before funds are transferred.
  • Endpoint security protects individual devices such as computers and mobile phones. For remote work environments, a phenomenon that is all too prevalent today, this type of security is essential.
  • Automated responses to potential threats, particularly when dealing with fast-moving attacks, are an excellent way to isolate compromised accounts, block suspicious IP addresses, or initiate multi-factor authentication challenges.

The Human Factor in Cybersecurity

Despite all these sophisticated tools, human behaviour remains one of the most significant variables for cybersecurity. Social engineering has a significant role to play. Cybercriminals exploit trust, urgency, or authority to manipulate individuals into making mistakes.

Training programs to recognize phishing and be vigilant for malware can address our human vulnerabilities. Employees can learn to identify suspicious communications and recognize other potential threats. If it doesn’t seem right, it is good practice to check with the source.

Simulated phishing and other campaigns allow organizations to test how employees respond to potential threats in a controlled setting without the real-world consequences of an actual attack.

Customers need to be part of the equation. Today, financial transactions increasingly happen online, where users must navigate risks independently. Consider high-value transactions such as a pension rollover. During this process involving transferring retirement funds between accounts, attackers may attempt to intercept communications or provide fraudulent account details. Without proper verification protocols, such incidents can produce significant financial losses.

To mitigate the risk, financial institutions implement safeguards like multi-factor authentication (MFA). MFA requires users to provide multiple forms of verification such as a password, a one-time code sent to a mobile device, or identifying the presence of a common object in a segmented image. These layers may seem like a pain to customers, but they create friction for wannabe cybercriminals.

Regulatory Pressures and Compliance Challenges

Financial organizations operate within a complex web of regulations designed to protect both institutions and consumers. These frameworks often require the implementation of specific cybersecurity measures and regular reporting of incidents.

A key concept is risk-based authentication, where security measures are adjusted based on the perceived risk of an individual transaction. Routine logins from known devices may proceed without interruptions. Attempts from new locations or devices, however, trigger extra verification steps, balancing security with user experience.

Compliance involves keeping detailed audit trails and records of system activity that can be reviewed during investigations. This means every login attempt, transaction, and system change is documented, creating a comprehensive record that supports both internal reviews and external audits.

Security adds complexity, but also drives safety. Adhering to established standards, organizations strengthen their defences while demonstrating accountability to regulators and stakeholders.

The Future of the Cybersecurity Arms Race

New technologies are reshaping both sides of the cybersecurity equation. Artificial intelligence (AI) introduces new capabilities such as predictive threat modelling, where systems analyze historical data to anticipate future attacks. This identifies patterns in fraudulent transactions and proactively adjusts detection algorithms.

Zero trust architecture is seen as a near-future security model. It assumes no user or device should be trusted by default (even within the organization’s internal network). Every access request is verified continuously, reducing the risk of insider threats and lateral movement.

Financial industry collaboration will increasingly be important. Financial institutions are increasingly sharing threat intelligence through industry networks, allowing them to respond collectively to emerging risks. This cooperative approach reflects a broader recognition that cybersecurity is not an isolated challenge, but a shared responsibility across the entire financial ecosystem.

About Quantum Computing

The current state of quantum computing and its use in the financial sector has been described in a previous posting on this site.

As quantum computing technology moves from the novelty phase to mainstream adoption, banks and other financial institutions are in a horse race to develop and test new toolsets to thwart cybercriminals. Detecting minute disturbances in the quantum state means revolutionizing practices as criminal enterprises equally try out the technology to see what it can do for them.

Since 2022, Goldman-Sachs and Amazon Web Services (AWS) have been working with quantum computers to test use cases across a full range of financial transactions. They are among several financial institutions investigating the impact widespread quantum computing adoption will bring.

If the cybercriminals get to quantum computing first, then woe betide the financial sector.