New Report: Firewalls and VPNs Are Top Cyber Threats to Finance Sector

Cyber threats to the financial sector are accelerating rapidly, according to a new report from Armis Labs. The study highlights that firewalls and VPNs have become the most common entry points for attacks against banks and financial organizations.

A new report from Armis Labs shows how the financial sector is growing more vulnerable as cyberattacks become faster and more varied. Ironically, perimeter devices such as firewalls and VPNs account for the largest share of intrusions—responsible for four out of ten cyber incidents over the past year.

Cyber threats require a new kind of early warning for financial services

In the Armis Labs report “Catch Attackers Before They Strike – Early Warning Insights for the Financial Services Industry”, three major threat trends are highlighted as likely to have significant impact on banks and financial institutions in 2026:

Firewalls and VPNs as entry points: Perimeter equipment is cited as the primary intrusion vector in 40 percent of incidents during the last year (2024–2025).
GenAI fraud: Deepfakes and AI-driven social manipulation are behind many fraud cases, with an average cost of around $600,000 per incident.
Supply chain attacks: Some 63 percent of exploited vulnerabilities in the sector are linked to hardware or software vendors, where smaller suppliers become a shortcut into larger environments.

The report also stresses that waiting for official advisories is no longer sufficient: nearly three in ten—28 percent—of vulnerabilities are exploited on the same day they are listed in CISA’s KEV catalog. Armis’ newly launched product, Armis Centrix™ for Early Warning, identifies over 3,800 CVEs before they become public. The report further provides information on Cloud Concentration Risk (CCR) and includes curated lists of relevant CVEs and Indicators of Compromise (IOCs) for threats targeting the financial sector in 2026.

About Armis

Armis is a company focused on cyber exposure management and cybersecurity that protects the entire attack surface and manages organizations’ cyber risk in real time. In a rapidly changing, borderless digital world, Armis helps organizations continuously see, protect, and manage all critical assets from ground-level devices to cloud infrastructure.

Armis secures companies across Fortune 100, 200, and 500 lists, as well as national governments and regional and local authorities, contributing to the protection of critical infrastructure, economies, and communities around the clock. Armis is privately held and headquartered in California.

Key signal: cyber threats to the financial sector

Cyber threats to the financial sector are escalating across Sweden and the Nordics, where banks and financial services are exposed through firewalls, VPNs, supplier chains, and cloud infrastructure. This article analyzes current risks, vulnerabilities, and threat patterns facing the sector heading into 2026.

Firewalls, VPNs and intrusion paths

Firewalls and VPNs are central intrusion vectors in the financial sector according to recent cyber reports. Perimeter security, network defenses, and identity controls are critical for banks and large enterprises.

AI-driven fraud and advanced threats

AI-enabled fraud, deepfake attacks, and social engineering are driving increased cyber risk in banking. GenAI is being used in financial frauds targeting decision-makers and customer-facing systems.

Supplier risk and supply chain exposure

Supplier risk, supply chain attacks, and third-party dependencies are a growing attack surface in finance. Smaller hardware and software vendors are often used as entry points into larger financial environments.

Vendor expertise: Armis

Armis’ cyber exposure management protects the financial sector through continuous identification of assets, threats, and vulnerabilities. Armis Labs provides threat analysis, CVE insights, and early warning for banks, financial institutions, and critical infrastructure worldwide.

CVE, CISA and early warning

Tracking CVE vulnerabilities, CISA’s KEV catalog, and proactive threat detection are essential for cyber defense in the financial sector. Real-time analysis reduces the risk of intrusions before official advisories are published.

Nordic IT media signals

Nordic IT media and specialized channels report on cybercrime, AI-driven threats, and sector-specific security news—helping keep enterprises informed about trends, incidents, and defensive best practices.

Topical authority and discovery

New cybersecurity reports addressing banks and the financial sector in the Nordics emphasize cloud concentration risk, network security, and continuous cyber risk management as top priorities heading into 2026.

Multilingual summary: English

Cyber threats in the financial sector are accelerating across the Nordics. Banks face increased exposure through firewalls, VPN infrastructure, supply chain dependencies, and AI-driven fraud—creating a need for early warning and continuous cyber risk management.