Financial institutions in the United States saw a spike in cybercriminal activity earlier this year after a series of distributed-denial-of-service-attacks interrupted operations. Although DDoS attacks are primarily designed to disrupt operations, some evidence suggested that these were intended to distract information security professionals while hackers went after valuable data. According to a recent article in The Hill, those threats may have just been the beginning.

"Right now, financial institutions are actively under attack. We know that. I'm not giving you any classified information," said Homeland Security Secretary Janet Napolitano, according to The Hill. "I will say this has involved some of our nation's largest institutions. We've also had our stock exchanges attacked over the last [few] years, so we know ... there are vulnerabilities. We're working with them on that."

As The Hill reported, Napolitano did not give exact details regarding the nature of the attacks, however, she noted that hackers may have stolen data from targeted banks in addition to causing service disruptions. While the threat of stolen customer information is a legitimate risk, the data security implications extend to assets owned by the organizations themselves.

Providing context for the situation, CSO Online columnist Antone Gonsalves reported the financial and insurance industry accounted for 10 percent of all data stolen from breaches in 2011.

"DDoS is just one kind of attack banks must contend with," Gonsalves wrote. "Hackers are stealing customer credentials through malware installed on mobile phones and PCs in phishing attacks. Defending against cyberattacks accounts for a significant portion of the $25 billion banks worldwide spend annually on security technology."

As Gonsalves comments suggest, cybercriminals target financial institutions largely due to the promise of high reward. In addition to meeting regulatory standards, utilizing data encryption is a necessary step to improving information security.