The financial services sector is a high-value target for hackers, and therefore always under attack. While it’s critical to ensure effective security, financial services must also be able to conduct business in real time, with no network slowdowns, given that they’ve been deemed critical infrastructure by many governments. Fortinet's Brian Forster offers some perspectives on the current state of cybersecurity for the industry.
Most financial services companies have now reconciled themselves to the fact that they will be compromised, not “if,” but “when.” More than 50% of the time, organizations are breached within minutes of an attack. 54% of these breaches aren’t discovered for months. In light of this, one of the biggest challenges is how quickly organizations can identify the compromise, mitigate the damage, and respond. Employee cybersecurity awareness still remains critical.
The Verizon 2015 breach report highlighted that two-thirds of Cyber Espionage incidents involve Phishing, and history shows that a cyber scam campaign of just 10 emails yields a greater than 90% chance that at least one employee will click on a malicious link or attachment.
Integrating multiple different security vendors into their environment is a third challenge. There is no effective one-stop shop that can deliver comprehensive cybersecurity. Most FSIs are adopting a multivendor strategy for cybersecurity, utilizing different combinations of cybersecurity solutions for firewalls, email, sandboxing, wireless, endpoint protection, and SIEM (Security Information and Event Management), to name just a few pieces in the cybersecurity ecosystem. All this means that open APIs are critical to ensuring that the ecosystem of security partners can be successfully integrated for effective cybersecurity.
BYOD and IoT have expanded the challenges that both IT and the business face. Integrating these changes into the existing IT infrastructure and driving business value out of them is a major concern. The digitalization of business is forcing FS institutions to reimagine the industry, and how their business models will change going forward. The cloud (private, hybrid, and public) has passed the tipping point with FSIs. They are all embracing the cloud in various forms, but this brings challenges in terms of security, business models, and infrastructure, to name a few.
The financial services industry is moving away from building higher walls to a defense-in-depth, risk-based approach via internal segmentation around high-value, high-risk repositories of critical information, such as debit card PINs and credit card numbers. A holistic, company-wide, integrated approach to cybersecurity, while elusive, is critical. Integrated teams on fraud, information security, IT, compliance, and physical security, along with new models for product and software development will speed response, reduce costs, and leverage scarce talent. This will result in better cybersecurity as well as faster threat awareness and mitigation. Actionable, real-time threat intelligence is another essential tool. Firms have a veritable blizzard of data that can help them prevent attacks and/or identify an attack quickly, but only if they can understand the data. A Ponemon Institute survey revealed that surveyed IT executives believed that less than 10 minutes of advance notification of a security breach would be sufficient time for them to disable the threat. To achieve that, you need to be able to parse through mountains of data quickly and accurately.
The challenge for financial services firms is that the standards and mandates are constantly evolving, so staying in alignment with the standards is both challenging and expensive. Even worse, in many cases, different mandates are at times in conflict with each other, e.g., in terms of how firms are supposed to handle data, which cybersecurity standards to implement, country-by-country differences in security requirements, etc. Also, security implementations are always challenging. For example, many firms have embraced the concept of segmentation or defense-in-depth. However, identifying what assets are most critical, where internal firewalls should be placed, and ensuring that security policies follow users across different network segments are just a few of the challenges firms must solve as they implement new cybersecurity solutions.