With approximately 143 million Americans affected by the Equifax breach, cybersecurity for financial institutions is top of mind for businesses and consumers alike. If your financial service institution isn’t keeping up with best practices for cybersecurity, it will be vulnerable to an attack. To protect yourself, learn about the top cybersecurity challenges facing financial institutions and how to reduce your risk.
1. Threats are Everywhere – and They’re Always Changing
Cyber threats are everywhere, and they are always changing. For many institutions, it can start to feel almost impossible to prepare for all threats, or to keep up to date with best practices in cybersecurity.
IBM’s CEO, Ginni Rometty, termed cyber crime “the greatest threat” to every business in the world. This year alone, ransomware costs are predicted to exceed the $5 billion mark, which represents a fifteenfold increase from 2015 levels of $325 million. The costs of ransomware include business disruption, data loss, lost productivity, reputation damage, employee training, and disaster recovery.
What makes cyber crime of all stripes so dangerous is that hackers are constantly evolving to stay ahead of threat mitigation tools available to businesses. Cyber criminals are well-funded, highly skilled, and highly motivated to adapt faster than the good guys fighting cyber crime.
More than ever, financial services institutions need to invest in protection that uses best-in-class technologies to stay abreast of the changing cyber threat landscape.
2. Consumer Expectations, Compliance Regulations Add Pressure
Financial institutions face strict expectations from regulators and consumers alike.
Regulators require that financial institutions meet an array of compliance standards around cybersecurity; unfortunately, there are conflicting requirements among regulators that make it more difficult for financial institutions to chart a clear course.
On the consumer side, customers expect more channels, more service, and greater capabilities from their online accounts — not to mention safekeeping of their data. This sets companies up for serious reputation consequences if they let consumers down by suffering a data breach or by failing to innovate service offerings.
3. Third-Party Agreements Increase Risk
To reduce costs and comply with regulations, many financial institutions rely on partnerships. Unfortunately, your business is only as strong as your weakest partner. If your partner is attacked, their vulnerabilities create serious problems for you. Can you trust that your partners are keeping your data safe from attackers?
If you haven’t done so yet, review all of your third-party contracts with cybersecurity in mind. Who has the responsibility to protect data, what, if any, regulations must be followed to remain in compliance, and who shoulders the blame if something goes wrong? If you do nothing, you risk an attack on a third party negatively affecting your bottom line and your reputation.
When speaking of partnerships that expose your firm to risk, do not overlook cloud vendors. Over half of IT professionals admit that cloud storage decreases their company’s ability to keep sensitive information safe, a recent Netsuke survey found.
When financial institutions rely on the cloud, they lose some degree of oversight over their data. To reduce your risk, ask yourself:
- Where is data stored?
- Who has access to the physical facility?
- How does the third-party service provider protect data during transfer and storage?
Learn more about the risks of third-party cloud service providers and find out how to protect your data with a cloud audit. An audit will boost your confidence that your cloud partner is in compliance with regulations and exerting sufficient control over your data.
4. Insider Threats and Human Error Can’t Be Ignored
The biggest threat to your institution is already inside the building. In its 2016 Cyber Security Intelligence Index, IBM found that 60 percent of cyber attacks came from inside the company.
The report also indicated that financial firms were in the top three industries targeted due to sizable assets.
An astonishing three-quarters of all attacks were intentional, for instance carried out by a disgruntled employee intent on doing harm to the business. If this seems high, consider that many banks struggle to find qualified tellers. The job does not pay well, the work is repetitive, and there is a lot of down time in the average bank teller’s day. When approached by a hacker who is offering thousands of dollars in exchange for access credentials, can you trust your employees to refuse to participate?
The remaining one-quarter of these attacks were unwittingly caused by human error, such as the employee who downloads a suspicious file, unleashing malware through the system.
Insider threats are so pernicious because they come from the inside, where your threat mitigation tools aren’t searching. Because no one is looking within, insider threats go undetected for a long time, causing significant harm. Attempts to check insider threats through stricter security policies can backfire by decreasing employee satisfaction and productivity.
Perhaps the best course forward for financial firms is to focus on the most valuable assets, place them behind a firewall, add robust defenses, and monitor traffic 24/7. Strengthening access control measures, for example by deactivating the access of terminated employees effective immediately, can reduce the chances of a malicious insider attack.
5. Emerging Technology Brings New Threats
Last year brought the largest Distributed Denial of Service (DDoS) attack via the Internet of Things (IoT). In the attack, unsecured IoT devices were hacked to wreak havoc on the internet. The proliferation of IoT devices (from fitness monitors and tablets to smart home devices or intelligent personal assistants) adds complexity and new threats for all businesses, including financial institutions.
Financial institutions should take DDoS threats seriously because of the potential for customer panic. Imagine that a similar IoT hack brings down your website via DDoS. Customers are unable to log on to their bank accounts or use your app, so they’re unable to access their money until the attack is under control. This could be a reputational nightmare for your firm.
This fall, senators introduced a new measure aimed at decreasing the cyber risk in the Internet of Things. The bipartisan legislation would require device manufacturers to meet minimum cybersecurity requirements, such as enabling device patching to address vulnerabilities or allowing users to change the default password. If passed, this legislation would reduce the immense risk of IoT devices; however, financial institutions must protect their assets.
Find Out Your Risk and Get Protected Today
Now that you understand the top risks financial firms face, find out how ready you are for the next attack; it’s a matter of when, not if. Get penetration testing to see where your institution is vulnerable and how to protect your data, or set up a free consultation to discuss your concerns.
At I.S. Partners, LLC., we help financial firms understand their risk and protect their data using best practices. When threats are always changing, your business needs information security specialists who are working just as hard at finding new ways to protect you. Call us at 215-631-3452 or request a quote to speak with a consultant today.