Threat actors are constantly improving and getting more technically sophisticated, organized and professional. This includes leveraging artificial intelligence (AI) to make attacks faster and more sophisticated, targeting high-value industries, including finance. In response to these trends, financial institutions will have to rely on the power of AI to stay one step ahead.

The Professionalization of Ransomware Actors

In the not-so-distant past, ransomware attacks were usually conducted by small, rather insular groups. Although there were certainly attacks attributed to state actors or groups with ties to foreign governments, most ransomware attackers were plain old criminals, usually acting on their own.

Today, the ransomware industry is professionalizing. Individual groups are specializing in different parts of the ransomware process. Some are focusing on the initial stages of identifying victims and finding potential paths for attack, becoming access brokers to those targets. Other groups are leveraging that access and specializing in exploiting vulnerabilities, compromising targets and deploying ransomware or exfiltrating data. Another category of criminals is taking on the role of the “face” of the attack, communicating and negotiating with the victims. The stages of this ecosystem are now automated or bundled into kits that require less skill to execute.

As these groups specialize in their respective areas, they are getting better at their jobs. They are building up expertise, and adopting or developing increasingly sophisticated tools, often leveraging artificial intelligence. In recent months there have been waves of compromises across specific sectors that highlight how these techniques are being refined. In April 2025, several UK retailers were compromised. In June 2025, it was insurance companies, and in July 2025, multiple airlines were targeted.

General Countermeasures in Financial Services

There are many actions financial services firms can take to reduce the likelihood of a successful social engineering attack. Some of the most relevant of these steps can be split into three main groups:

Reduce Your Footprint

There is a lot of information out there about your company, executives and staff, as well as the connections between them. There are commercial databases and breached information describing roles, management structure, and personal details such as home address, family information, school and other affiliations. This information makes it easier for a threat actor to target the help desk and impersonate an employee. Companies should take advantage of commercial services that manage the process of removing personal data from commercial databases and reduce this footprint.

Improve Access Management

As many standards and regulations recommend, multifactor authentication (MFA) is a key control that can reduce the risk of successful social engineering attacks. The configuration of the MFA should limit the options available to threat actors and prevent them from accessing the environment even when they have valid usernames and passwords. Establishing conditional access restrictions in which only enterprise-managed devices are allowed to connect to the internal environment is also a good way to reduce the likelihood of successful compromises. Helpdesk teams should be trained to accurately validate the identity of users, require more physical interactions and ensure that non-corporate devices are not onboarded into the access management solution.

Enhance Detection

There are many telltale signs that an account has been compromised, such as “impossible travel,” in which a user has two connections from different regions in a short period of time.

"Once the threat actor gains access to a system, AI can run the attack on a largely autonomous basis"