The Banking and Finance Sector provides a wide variety of financial services in New Jersey, ranging from simple check cashing to highly complex financial arrangements. Financial institutions are organized and regulated by state and federal agencies based on the services they provide.
According to the New Jersey Department of Banking and Insurance, there are 306 financial institutions that have offices in New Jersey. The State has 92 chartered financial institutions, 41 commercial banks, 28 savings banks, three savings and loan associations, four limited purpose trust companies, and 16 credit unions.
The New Jersey Department of Labor and Workforce Development reports that New Jersey’s financial services employ almost 175,000 workers, accounting for 5.3 percent of all jobs in the State.
The Banking and Finance Sector is an attractive and lucrative target for cybercriminals, financially-motivated threat actors, and state-sponsored cyber-espionage groups because it encompasses a broad range of businesses whose primary focus is to collect, transfer, and maintain large quantities of personal and financial data. Cyber threats against this sector include malicious software, social engineering, web application attacks, point-of-sale intrusions, payment card skimmers, and the exploitation of unpatched system vulnerabilities.
Al-Qa’ida and its affiliates have urged supporters through extremist literature to attack the sector and disrupt the US economy. In February 2013, the FBI thwarted a homegrown violent extremist (HVE) plot to attack a California bank with a vehicle-borne improvised explosive device (VBIED). Domestic terrorists’ efforts to attack the sector included an anarchist in 2012, vandalizing ATMs and banks in Oregon. International terrorists also targeted the sector in August 2004 when seven al-Qa’ida supporters were arrested in London for plotting to attack US financial buildings.
Financial sector employees possess the ability to know where and how to gain access to electronic funds and sensitive data that can be stolen, ransomed, or destroyed for personal gain. Since the sector’s function involves wealth management, employees are also susceptible to outside influences to engage in fraud and money laundering.
In July 2015, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) announced a partnership to share and analyze cyber threat information on behalf of New Jersey’s banking institutions. Under the agreement, the NJCCIC’s cyber threat analysts will correlate data from various global financial institutions to identify trends, adversary tactics, and vulnerabilities. The agreement mandates strict data handling, classification, and disclosure protocols to protect confidentiality.
In October 2015, the BuySecure Initiative mandated the implementation of encrypted Europay, MasterCard, and Visa (EMV) credit card technology. Also known as “chip and PIN,” the new initiative helps prevent identity theft and has shifted liability for unprotected transactions to the merchant. If identity theft is suspected, residents of New Jersey have the right to put a security freeze on their credit file. In most cases, a security freeze prevents fraudsters from opening a new credit line in the individual’s name even if they are in possession of personally identifiable information.
The New Jersey Consumer Credit Bill of Rights was created to empower and protect the financial life and credit history of individuals in the State.
The US Financial Crimes Enforcement Network (FinCEN) maintains a national database for Suspicious Activity Report Statistics (SAR Stats). A SAR is a document that financial institutions must file with FinCEN following a suspected incident of money laundering or fraud. These reports are required under the US Bank Secrecy Act of 1970.
- Which terrorist groups are interested in attacking the banking and finance sector?
- What cyber capabilities do terrorists possess to attack the sector?
For more information, please contact NJOHSP's Preparedness Bureau at firstname.lastname@example.org.