Many of the outcomes of the current COVID-19 crisis are out of our control. That’s why, in this new reality, business leaders and CIOs have to focus on what they can control: the technology that helps us navigate through the crisis.
For financial services companies, that technology now has to handle a sudden and sustained increase in customer demand as everything and everyone shifts online today – and for the foreseeable future. Now that my mother knows how to deposit a check with her phone, she has no intention of driving to the branch for that anymore!
I recently had the chance to speak to a few CIOs: they’ve all confirmed that their teams are responding to these challenges by scaling up infrastructure at record speeds. Their key challenge is to support their customers’ needs, from mobile banking to online payments, from loans to credit card applications, and more.
But CIOs and their teams aren’t the only ones who are busy right now. Bad actors are busy, too, finding any and all vulnerabilities in your online services – particularly your APIs – that they can exploit. If their attacks succeed, these cybercriminals could cause as much, if not more, damage to your business than the repercussions of the current crisis.
A significant increase in attacks
The financial services industry is already a favorite target of cybercriminals and the new reality doesn’t change that. Bad actors are already stepping up their attacks, focusing on a few key industries in which online business grew significantly during the COVID-19 crisis, such as financial services, healthcare, e-commerce, and others.
Here are the facts: we’re seeing a dramatic increase in malicious bot traffic. In the second half of March 2020, account takeover and distributed denial of service (DDoS) attacks surged.
Attacks focus on APIs
Web and mobile app APIs are prime targets for cyberattacks. An article in CSO Online states that APIs now represent 83% of all web traffic. The article goes on to say that APIs also account for 40% of the attack surface for all web-enabled apps and are predicted to account for 90% by 2021.
Even before our post-COVID new reality, some of the top data breaches and exposures at Venmo, Capital One, and First American Financial, to name a few, were made possible through API security issues.
API attacks increasingly take the form of automated attacks carried out by ever more sophisticated malicious bots. Automated attacks targeting APIs include many of the same types that impact web applications:
- Automated login and credential abuse
- Creating fake accounts
- Credit card fraud
- Gift card fraud
- Content scraping
- Application layer DDoS
Without an appropriate response, the surge in bad bot activity targeting APIs could put the very existence of many businesses at risk. That’s because bad bots can inflict serious damage on your financial services business, including lost revenue, reduced brand value, mitigation costs, breach and notification costs, penalties, and more.
Businesses need to prioritize implementing defenses against automated attacks and find a solution that is fast and easy to deploy, with a time to value in minutes, not weeks or months. Because every second matters.