Businesses in the financial sector were attacked 65% more than the average business in 2016, IBM Security recently reported. Over 200 million total records were stolen last year–an increase of 937% over 2015.

All of that lost data comes on the heels of a comparably small increase in the number of attacks against the financial sector–there was only a 29% increase in attacks in 2016. Despite the increase the finance industry still managed to trail (by huge numbers) behind the two sectors that lost more records, government and communications.

IT and security professionals who work in the financial sector have their work cut out for them, but the biggest question is where to start: With external threats or internal ones?

Why finance?

It doesn’t take a lot of guessing to figure out why the financial sector is such an attractive target: It’s where the money is. Nick Bradley, Practice Lead at IBM X-Force Threat Research, says that 2016 signaled a sea change in the way hackers are going for records: They’re moving to where the money is.

See: Experts predict 2017’s biggest cybersecurity threats (TechRepublic)

Previous popular targets have been healthcare and retail, which makes sense: There are financial and personal records in both industries that can be used to steal identities and commit fraud with ease. In 2016, Bradley said, “we saw a significant resurgence to financial services as criminals decided to go directly to the source money.”

That sounds like bad news for tech professionals who work in finance, and it is–but there is a bright spot: 200 million records may have been breached in 2016 but that pales in comparison to the three billion compromised records from the information and communications sector. IBM chalks that up to better investment in security by financial firms.

The threats targeting financial firms

It’s a common refrain in security news, and this article is no different: Insider attacks are to blame for the majority (58%) of compromised records. That doesn’t mean there are malicious people inside your organization, though: 53% of insider attacks occur without the originating individual even knowing.

Malware installed from questionable websites and phishing attacks account for many insider attacks, indicating yet again that employees are unaware of the most common threats to personal and business security.

See: 6 common enterprise cybersecurity threats and how to avoid them (TechRepublic)

Outsider attacks are still common, accounting for 42% of breaches, and the report indicates that many malware makers targeting finance are switching targets from large banks and business accounts to private banks, wealth management firms, and high-value accounts.

Again, IBM credits this shift with increased security at large banks, so if you work in a smaller or more high-capital industry it’s time to devote more time and money to security.

How to prevent threats to financial firms

There aren’t any surprises here: IBM’s recommendations to financial firms are a common refrain heard again and again in cybersecurity reports. Nevertheless they bear repeating:

  • Train employees to recognize threats: New employees should be trained on how to recognize a phishing email or a questionable website. Periodic refreshers should also be mandatory.
  • Minimize insider threats with access control: By tightly controlling who can access what, insider threats are greatly reduced from both malicious and unknowing actors.
  • Leverage machine learning to increase threat response: Machine learning can be used to identify suspicious URLs, files, and wording on websites to block them.
  • Develop, implement, and practice an incident response plan: It’s a lot of work to develop a plan for incident response, but it’s definitely better than scrambling when the inevitable happens. Don’t forget to do regular drills either.

You can read the full report from IBM here.

The three big takeaways for TechRepublic readers:

  1. The financial industry saw a 29% increase in cyber attacks in 2016, resulting in more than 200 million compromised records–an increase of 937%.
  2. Insider threats were responsible for more attacks (58%) than outsider attacks (42%). Targets are also shifting from large, and thus more secure, institutions to smaller, higher value ones.
  3. Mitigate threats by training employees, tightly controlling user access, increasing incident identification using machine learning, and implementing a good response plan.

Also see: