Staff education is critical to financial institutions' cybersecurity efforts, as the most common way hackers break into a network is to steal valid login credentials, according to Nick Roberts, technical research and marketing manager for DefenseStorm, and 93% of phishing emails include ransomware.

The bulk of attacks come from hackers in China, Russia, North Korea and Ukraine, Roberts said on a webinar on Tuesday. The most common type of attacks include phishing, "a major source of consternation and difficulty" for firms, Roberts said, and malware, which is "still another popular attack sector."

Outdated machines

Misconfigured and outdated machines are also a threat. "Obviously, updating machines and making sure they're running the most recent version of software is important, but hackers also understand they can build a database of machines that are outdated and misconfigured," Roberts said. "If you're not updating those machines or you're not configuring them properly, they're going to be exploited."

Michael Oldright, security engineer at DefenseStorm, suggested firms with limited resources to devote to updating their technology infrastructure segregate outdated systems on their own VLAN or network segment. Whitelisting can also help identify specific systems that have been tested and are known to be safe.