When it comes down to it, cybercrime has two primary motivating factors: politics (including country-sponsored cyber warfare) or money (including damaging a target's reputation). Money is much more significant to the daily lives of consumers, and the Finance Industry is the key to this money.
In their everyday life, citizens deal with technology, especially email, for two main purposes: leisure or work (e.g. reading news, talking to friends, talking to a customer), or financial transactions (e.g. checking a bank account, paying bills, booking a hotel). This second part usually involves banks, wire transfers, and credit cards.
Finance Industry vs Cyberattacks
Once we realize that the Finance Industry has only two options for talking virtually to its (large) customer base, email or SMS, and that the second is expensive, too short and too simplified, we can understand how important email is and how vulnerable email is to cyberattacks.
The Finance Industry is constantly harassed by direct attacks on its infrastructure and by indirect attacks on its vendors and partners. The difference is that the Finance Industry is also very exposed to attacks on its customer base, where its brand serves as a vehicle (brand abuse) for direct attacks on its customers (phishing and other social engineering manoeuvres), carried out over email.
Email phishing and spear phishing are, above all, related to the way consumers deal with their money. They are constantly asked to purchase this, receive that, check a balance, get a loan, see a credit. One careless look at an email and a citizen may be entering his/her credentials at a fake bank website.
What can the finance industry do about this “third party phishing”?
Find an email security solution that gives users proper ways to interact with it (report phishing, submit fraudulent domains, check for domain squatting) and that can feed that interaction into a global threat-intelligence framework. As a practical example, if Bank A's system learns about fraudulent domains sending phishing on Bank A's behalf, then that system must notify every other system and distribute blocklists across the internet.
Organizations must ensure their domains and communications are secure, by enforcing authentication (SPF, DNSSEC, and so on) and by ensuring all squatting combinations of their domains are dealt with.
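As an added example, not code from the original article, of what "enforcing authentication" looks like in practice, the Python below grades a domain's SPF record together with its DMARC policy, the companion record that tells receivers to reject mail failing SPF/DKIM checks. The bank domains and their DNS TXT answers are constructed for the example; a real check would query DNS for the domain and for `_dmarc.<domain>`.

```python
import re

# Constructed TXT answers for two hypothetical bank domains (not real DNS data).
SAMPLE_TXT = {
    "bank-a.example": ["v=spf1 include:_spf.mailer.example ~all"],
    "_dmarc.bank-a.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.bank-b.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-b.example"],
}
# SPF terms that each consume one of the 10 DNS lookups RFC 7208 allows.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
WEAK_ALL = {  # any final qualifier other than '-all' leaves unlisted senders unrejected
    "all": "'+all': every host on the internet passes SPF",
    "?all": "'?all': neutral result, spoofed mail is not penalised",
    "~all": "'~all': softfail only; move to '-all' once DMARC is at p=reject",
}

def spf_findings(records):
    """List weaknesses in a domain's SPF TXT record(s); an empty list means hardened."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: receivers cannot tell spoofed senders from real ones"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    terms = spf[0].split()[1:]
    tail = terms[-1].lower().lstrip("+") if terms else ""  # 'all' and '+all' are the same
    findings = []
    if tail != "-all":
        findings.append(WEAK_ALL.get(tail, "no 'all' term: unlisted hosts get a neutral result"))
    # Mechanism name without qualifier or argument: 'include:x' -> 'include', '-all' -> 'all'.
    names = [re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms]
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        findings.append("more than 10 DNS lookups: receivers return permerror, not pass")
    return findings

def dmarc_findings(records):
    """List weaknesses in the _dmarc.<domain> TXT record; an empty list means hardened."""
    dmarc = [r for r in records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record: SPF/DKIM results are never enforced on the From: domain"]
    tags = dict(kv.strip().split("=", 1) for kv in dmarc[0].split(";") if "=" in kv)
    findings = []
    if tags.get("p", "none").lower() != "reject":
        findings.append(f"p={tags.get('p', 'none')}: spoofed mail is not rejected")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports, so brand abuse goes unseen")
    return findings

def assess(domain, txt=SAMPLE_TXT):
    # SPF plus DMARC findings for one domain (dict lookup here, DNS queries in practice).
    return spf_findings(txt.get(domain, [])) + dmarc_findings(txt.get("_dmarc." + domain, []))
```

Running `assess("bank-a.example")` reports the softfail and the monitor-only DMARC policy, while `assess("bank-b.example")` comes back clean.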
On the communications side, organizations must foster and harden their direct communication flow with customers: tell them which personally identifiable information and credit data will (and will not) be requested, and avoid links and images. As an example, if Bank A keeps telling customer B never to share anything over email, and customer B suddenly receives an email asking them to share something, they will rightfully suspect it.