With 2016 in the books, we can take a look back and see that it was a banner year for cybercriminals. From the successful breach of the DNC to DDoS attacks that disrupted service for tens of millions of IP addresses, it seemed as though no industry or organization was completely safe from threats.
Due to the sensitive nature of its data and the value it holds within the cybercriminal community, the financial services sector was a top target in 2016 and will likely remain in the crosshairs moving into 2017. As the attacks grow in both number and complexity, financial services institutions will have to prepare to better detect and mitigate threats in order to protect their organization.
Here are a few cybersecurity predictions we expect to see within the financial services industry in 2017.
For years, the financial services industry has trailed behind other industries when it comes to moving data to the cloud. Information security concerns remain, but we have seen some large banks and other organizations making the move to public cloud providers like Amazon Web Services (AWS) and Rackspace.
Today’s public clouds offer scalability, flexibility, and reliability, while also allowing organizations to pay only for the services being used. All of these factors can lead to increased savings and organizational effectiveness, but as always, security needs to remain top of mind.
As cloud adoption grows across the industry in 2017, organizations need to ensure the data being passed to the cloud is put through the same scrutiny as all other data, that visibility into that data is maintained, and that security policies and enforcement are applied consistently regardless of the location of that data. We expect to see security solutions designed to protect the cloud continue to evolve and make protection simpler and more effective.
A number of large banks experienced data breaches in 2016. In a few different cases, cybercriminals stole traditional login and password information to conduct fraudulent transactions, which damaged the businesses’ reputations.
To better combat this existing problem, we expect two-factor authentication (2FA) to come to the forefront as an additional layer of defense in 2017. 2FA combines something you already know (passwords) with a second type of authentication that is unique to you (mobile phone, email address, etc.).
This solution keeps traditional login and security measures in place while giving customers (and financial organizations) a stronger sense of security when managing sensitive financial transactions.
The financial services industry may not come to the front of our minds when we think of the Internet of Things. However, the IoT’s prowess is impossible to ignore with 24 billion IoT devices expected to be installed across the world by 2020.
The insurance industry is already relying on the IoT to align driving behavior with premium rates by leveraging data from in-vehicle telecommunication devices. The banking industry is also expected to improve the experience for retail customers with IoT initiatives like personalized customer rewards.
Regardless of how the data is being accessed and shared, it must be secured in order to protect customers. We expect financial services organizations to control network access, segment traffic, and invest in solutions that can help them manage the complex nature of today’s cybersecurity landscape.
In September 2016, New York Governor Andrew Cuomo proposed a first-in-the-nation cybersecurity regulation to better protect consumers and financial institutions. Around the same time, a group of U.S. senators sent a letter to President Obama asking him to make cybersecurity a priority at the G20 summit in China.
We expect these types of initiatives to remain a focal point of government action on both the state and federal levels in 2017, and organizations will need to be ready to meet these standards. With failure to adhere to regulations resulting in costly penalties and damaged reputations, financial services institutions will likely look to invest in additional cybersecurity solutions to meet these increasing demands.
As cybersecurity solutions evolve, so too will the complexity of the attacks being developed. In 2017, financial services organizations should consider investing in a security fabric architecture that provides awareness and visibility into all security elements, integrates them into a single, operationalized defense and response system, and allows for centralized orchestration and automation through a single management platform. This fabric should also provide open APIs (application programming interfaces) to enable integration and intelligence sharing with other third-party network and security solutions.
We hope these predictions will help your organization to better defend itself against attacks in 2017. Let’s get a conversation going on Twitter! What financial services cybersecurity trends do you expect to see in 2017? Also, read Derek Manky's 2017 Cybersecurity Predictions for the threat landscape on our blog.