On Tuesday, October 17, 2023, Akamai Technologies released a report titled "The High Stakes of Innovation: Attack Trends in Financial Services" as part of the "State of the Internet" series. This report sheds light on the financial services sector in the Asia-Pacific and Japan (APJ), which remains the most frequently targeted industry for cyberattacks worldwide.

Between the second quarter of 2022 and the second quarter of 2023, the number of attacks on web applications and APIs in this industry increased by 36 percent, totaling over 3.7 billion attacks. The report underscores that Local File Inclusion (LFI) continues to be the primary attack vector, contributing to 92.3 percent of attacks on the APJ financial sector. This poses a significant threat to financial institutions and their customers.

Financial service companies in the APJ region are known to employ third-party scripts to expand their services and enhance the customer experience. Data analyzed by Akamai reveals that approximately 40 percent of these scripts originate from external sources. This indicates that companies, especially banks and consumer-focused institutions, face a high level of risk as they expand their digital footprint to reach more customers and compete with rivals.

Reuben Koh, Director of Technology and Security Strategy (APJ) at Akamai, stated, "The APJ financial services sector is one of the most innovative and competitive in the world. As more financial institutions adopt third-party scripts to offer new features and interactive experiences to consumers rapidly." However, he also noted that companies typically have limited visibility regarding the authenticity and vulnerabilities associated with these scripts, adding an extra layer of risk to their operations.

The Akamai report also highlights a 128 percent increase in malicious bot traffic in the APJ since 2022. This confirms the ongoing attacks on financial services consumers and their data. Cybercriminals use bots to enhance the scale, efficiency, and effectiveness of their attacks. The APJ region ranks as the second most frequently targeted area globally, with 39.7 percent of total malicious bot requests aimed at financial services.

Australia, Singapore, and Japan are noted as the countries in the APJ region most frequently targeted by cyberattacks, with three-quarters of all web application and API attacks directed at these nations. Reuben Koh emphasizes that financial service companies in the APJ region must remain vigilant against the continuous efforts of cybercriminals to develop more sophisticated attacks as the sector undergoes innovation. Particularly, as companies start adopting open banking practices involving the use of APIs and third-party scripts, they should prioritize digital security, provide continuous cybersecurity education to consumers, and invest in uninterrupted security solutions to safeguard their users.