The annual threat report from the Financial Services Information Sharing and Analysis Center, or FS-ISAC, identifies key risks driven by geopolitical shifts, emerging technologies and changing criminal tactics. “The report’s findings underscore the complexity and unpredictability of today’s threat landscape,” said Steve Silberstein, CEO of the FS-ISAC said. The report found that stability and continuity of the global financial system remain under constant threat from lone hackers, organized criminal gangs and nation-state actors. However, the overall threat level globally, including for the Americas specifically, is at the lowest of the four levels FS-ISAC has in its Cyber Threat Level, or CTL. The CTL for each region is an industry barometer of cyber risk set by regional Threat Intelligence Committees, or TICs, made up of experts from FS-ISAC member firms. “The relative stability of the CTLs reflects the sector’s ability to manage the changing threat landscape,” the FS-ISAC report reads. “The overall ratings in each region were more stable than they have been in years past,” the report notes. Regardless, TICs have raised concerns about specific elements of the threat environment, which the consortium highlighted in the annual report.For a period of roughly two weeks in May 2024, the cyber threat level in the Americas region increased one level due to ongoing activity by Scattered Spider, the threat actor that compromised MGM Resorts and Caesars Entertainment in 2023. The report called the threat actor “credible” and “sophisticated,” adding it is believed to be based in the U.S., U.K. and Canada. FS-ISAC members voted to return the threat level from “elevated” back to “guarded” later in the month. Supply chain risk continues to be a primary worry for the financial sector worldwide, according to FS-ISAC. The industry’s significant reliance on third-party vendors increases exposure to disruptions that can have widespread impact. Recent incidents involving software vulnerabilities in common tools like XZ Utils — an open-source data compression software package widely used in almost all Linux distributions — and Managed File Transfer, or MFT, products such as Cleo and MoveIt highlight this risk. Fraud is surging across multiple sectors, targeting firms, customers and employees, according to the FS-ISAC report. “Real-time payments infrastructure, cryptocurrencies, and decentralized finance mechanisms make it virtually impossible to retrieve stolen funds,”