Financial institutions are not new to the game when it comes to facing cyberattacks. In fact, the industry routinely appears near the top of the list of those most frequently targeted by cybercriminals. However, the way in which organizations are being attacked, and the way they’re fending off attacks, is ever changing.
Let’s take a look at some of the recent trends in financial services when it comes to cybersecurity. Main points to be discussed include:
Attacks on the financial industry have become a prominent enough threat that state and federal governments are stepping up to the plate when it comes to defense.
In fact, we saw New York Governor Andrew Cuomo address cybersecurity in a big way in September as he issued new regulations for financial institutions across the state. The plan comes on the heels of several high-profile breaches, and calls for companies to set up specific programs dedicated to cybersecurity. It also requires organizations to hire chief information officers (CIOs) to help manage defense strategies. The regulations were said to be the first of their kind by any state or federal agency within the United States.
Even more recently, the Board of Governors of the Federal Reserve System, the Office of the
Comptroller of the Currency, and the Federal Deposit Insurance Corporation announced that they intend to propose rules to help large banks bounce back from attacks. Some of the categories they hope to improve as a result of the rules implementation include cyber risk management, governance, internal dependency management, external dependency management, and incident response.
On a global scale, U.S. Sen. Mark R. Warner, a member of the Senate Finance Committee, has advocated for cyberattacks on financial institutions to be a key agenda item at the G-20 summit.
These are just a few of the latest government actions being taken with regards to cybersecurity. Each of them shows us that not only are the threats presented by cybercriminals dangerous to individuals and organizations alike, but they now have the full attention of lawmakers.
These recent government activities are just one of the factors that have started many within the financial industry to begin talking seriously about what they can do to better prepare themselves and customers to handle breaches. While the industry continues to expand and improve access to services, many organizations are taking a step back, recognizing and evaluating the threats, and building a plan to address the challenges that can come attached to advancements.
“Shadow IT” has been a term that’s grown in popularity as file sharing apps and other collaboration tools are now commonplace in today’s organizations. While IT may not be responsible for managing these applications, they do need to make sure they are secure. As a result, IT teams are proactively investigating what types of cloud technologies are in use so they can better develop and implement security solutions to protect their workforce and customers.
While most employees within financial organizations are regularly educated on security, those that are “newly banked” have recently become the center of security education efforts. Individuals with new bank accounts typically have very little knowledge of existing threats, making them likely candidates to be targeted victims of attacks. This has led to organizations establishing a variety of programs, including consumer training, to help individuals manage their accounts and steer clear of red flags when banking.
These types of educational efforts are designed to protect both the customer and the bank from being attacked and thereby putting sensitive data in the hands of criminals.
Across industries, not just within financial services, bring your own device (BYOD) policies are being encouraged among the workforce, and a growing number of organizations are “digitizing” their business models. The digitization is being made possible by embracing the cloud in a number of different forms. While these initiatives improve employee morale and make it easier for them to access enterprise data and systems while on the go, it also creates a much larger attack surface that needs to be protected.
While basic IT security protection like firewalls and antivirus solutions used to be enough to keep things buttoned up, the risks now extend far beyond the network’s fundamental perimeter. As a result, organizations have invested in a diverse security solution ecosystem filled with individual platforms and tools. While these individual solutions are critical to protecting against the threats being posed, there is a chance that the big picture can be neglected in the process.
With all of this in mind, we are seeing many financial services organizations looking for, and investing in integrated security solutions that allow them to make all the information gathered from the one-off tools they have deployed actionable. Here at Fortinet, we’ve partnered with a number of technology providers, including Brocade, Carbon Black, Centrify, Pulse Secure, Tufin, WhiteHat Security, and more to give customers a more comprehensive view of the threat landscape.
With whaling, spear-phishing, ransomware and other attacks making headlines in the financial services industry, timely threat intelligence has become more important than ever. Financial organizations that implement threat intelligence solutions are able to stay ahead of threats and mitigate any damage that may be done. The real challenge, though, is making sense of all the threat intelligence that firms are inundated with - both from their own systems and from third party vendors. Making threat intelligence actionable in a timely manner is critical.
It’s very common for today’s organizations to conduct tests and simulations of attacks to evaluate their security capabilities. Additionally, integrated security solutions can help with this process, as IT managers are able to view all data and analysis collected by their suite of tools through a single pane of glass.
Due to the sensitivity of financial data and its value to cybercriminals, financial organizations will likely remain in the crosshairs. Keeping up with the latest trends and implementing the most up-to-date technologies could make a difference when it comes to cybersecurity.
We hope this list of information better prepares your organization to defend. Let’s get a conversation going on Twitter! What recent security trends have you seen in the financial services industry?