What do the three recent bank collapses mean for cybersecurity in financial services?

Josh Cigna

Josh Cigna

4 minute read

When it comes to cybersecurity, in an ideal world it’s important to balance planning for how to minimize risk in the event of an attack while ensuring minimal impact to users and the business. That’s the way it works if all goes according to plan (spoiler alert: it usually doesn’t!)

Certainly nothing went according to plan for the banking industry in recent months. The collapse of three major banks – Silicon Valley, Signature and First Republic – took many by surprise. While there are many factors that went into the collapse, including bad management and loose regulatory oversight, there was a secondary effect of the banks’ collapse that should give all cybersecurity professionals pause. When panic ensued, new avenues of attack opened up for bad actors looking for new phishing attack vectors. For example, a simple email sent to a panicked bank customer without multi-factor authentication (MFA) implemented could result in stolen credentials and a breach.

This begs an important question: How can financial institutions be better prepared the next time new phishing attacks appear during a crisis? 

Following the bank run in which SVB customers withdrew $40 billion (one-fifth of SVB’s deposits) in a matter of hours, customers were deluged with phishing attacks in the form of deceptive emails full of fake news – often pointing to hastily registered domains designed to steal credentials. A similar fate befell First Signature (which is even larger than SVB) and Signature when it became clear they were in the same overextended position that SVB was.

The crisis that started with SVB may not be over yet. It has put financial institutions on notice that the strongest form of phishing-resistant MFA should be in place before the next bank run puts the whole industry at risk. Small and regional banks may be even more vulnerable, as upgrades tend to move slower and they may still be using legacy systems for authentication. 

In addition to upgrading IAM systems and investing in FIDO-based phishing-resistant authentication technologies, banks and the entire financial services industry can prepare employees and customers in the following ways: 

  1. Remind both employees and customers of the dangers of phishing attacks and what kind of malicious emails they might receive during periods of increased threat. Additional training on different types of phishing attacks — spear-phishing, vishing, or DNS spoofing, for example — is also important. 
  2. Put manual account/payment change procedures in place ahead of time and have a clear customer communication plan about each step. This is especially important for dealing with vendors who may be running the process — no account changes should happen without an actual call and human interaction, either between vendor and customer or vendor and institution.
  3. Incorporate a Zero Trust security model and tighten security internally across the company for all employees, limiting both physical access to critical systems and data and privileged access. 
  4. Implement phishing-resistant authentication, such as hardware security keys like YubiKeys, to provide higher security, user experience and  reliance for customers. Security keys help financial service organizations protect against fraud by stopping account takeovers and targeted attacks by offering high-assurance MFA for employees, contractors and privileged users, so only authorized users have access to critical business and customer data, and critical systems like payroll and trading.

Most banking infrastructures have a mix of legacy on-premises and private or public cloud-hosted services. Regardless of where applications and data reside, banks need to ensure they are protected against unauthorized access. Following these steps will ensure proper cybersecurity in financial services moving forward, and that you can be prepared in the face of another crisis, and improve customer relations by showing them care and forethought has been given to their financial security.

——

To learn more about how finserv can upgrade to higher-reliance systems, read our whitepaper, “Securing financial services with phishing-resistant MFA.” Read our recent blog about how banks need to act now to avoid non-compliance with new Consumer Financial Protection Bureau (CFPB) guidance here.

Talk to our teamTalk to our team

Share this article:
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard
  • Yubico recognized by TrustRadius 2025 Award for top customer reviewsAs AI-driven cyber threats like credential phishing evolve and grow in complexity, phishing-resistant YubiKeys are an important component toward cyber resilience — and our mission to make the internet more secure has never been more critical. To support this, customer feedback is something we take very seriously and is an invaluable tool to ensure we’re […]Read moreawardsTrustRadius
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more