With approximately 143 million Americans affected by the Equifax breach, cybersecurity for
financial institutions is top of mind for businesses and consumers alike. If your financial service
institution isn’t keeping up with best practices for cybersecurity, it will be vulnerable to an
attack. To protect yourself, learn about the top cybersecurity challenges facing financial
institutions and how to reduce your risk.
1. Threats are Everywhere – and They’re Always Changing
Cyber threats are everywhere, and they are always changing. For many institutions, it can start
to feel almost impossible to prepare for all threats, or to keep up to date with best practices in
cybersecurity.
IBM’s CEO, Ginni Rometty, termed cyber crime “the greatest threat” to every business in the
world. This year alone, ransomware costs are predicted to exceed the $5 billion mark, which
represents a fifteenfold increase from 2015 levels of $325 million. The costs of ransomware
include business disruption, data loss, lost productivity, reputation damage, employee training,
and disaster recovery.
What makes cyber crime of all stripes so dangerous is that hackers are constantly evolving to
stay ahead of threat mitigation tools available to businesses. Cyber criminals are well-funded,
highly skilled, and highly motivated to adapt faster than the good guys fighting cyber crime.
More than ever, financial services institutions need to invest in protection that uses best in class
technologies to stay abreast with the changing cyber threat landscape.
2. Consumer Expectations, Compliance Regulations Add Pressure
Financial institutions face strict expectations from regulators and consumers alike.
Regulators require that financial institutions meet an array of compliance standards around
cybersecurity; unfortunately, there’s conflicting requirements among regulators that make it
more difficult for financial institutions to chart a clear course.
On the consumer side, customers expect more channels, more service, and greater capabilities
from their online accounts — not to mention safekeeping of their data. This sets companies up
for serious reputation consequences if they let consumers down by suffering a data breach or
by failing to innovate service offerings.
3. Third-Party Agreements Increase Risk
To reduce costs and comply with regulations, many financial institutions rely on partnerships.
Unfortunately, your business is only as strong as your weakest partner. If your partner is
attacked, their vulnerabilities create serious problems for you. Can you trust that your partners
are keeping your data safe from attackers?
If you haven’t done so yet, review all of your third-party contracts with cybersecurity in mind.
Who has the responsibility to protect data, what if any regulations must be followed to remain
in compliance, and who shoulders the blame if something goes wrong? If you do nothing, you
risk an attack on a third party negatively affecting your bottom line and your reputation.
When speaking of partnerships that expose your firm to risk, do not overlook cloud vendors.
Over half of IT professionals admit that cloud storage decreases their company’s ability to keep
sensitive information safe, a recent Netsuke survey found.
When financial institutions rely on the cloud, they lose some degree of oversight over their
data. To reduce your risk, ask yourself:
- Where is data is stored?
- Who has access to the physical facility?
- How does the third-party service provider protects data during transfer and storage?
Learn more about the risks of third-party cloud service providers and find out how to protect
your data with a cloud audit. An audit will boost your confidence that your cloud partner is in
compliance with regulations and exerting sufficient control over your data.
4. Insider Threats and Human Error Can’t Be Ignored
The biggest threat to your institution is already inside the building. In its 2016 Cyber Security
Intelligence Index, IBM found that 60 percent of cyber attacks came from inside the company.
The report also indicated that financial firms were in the top three industries targeted due to
sizable assets.
An astonishing three-quarters of all attacks were intentional, for instance carried out by a
disgruntled employee intent on doing harm to the business. If this seems high, consider that
many banks struggle to find qualified tellers. The job does not pay well, the work is repetitive,
and there is a lot of down time in the average bank teller’s day. When approached by a hacker
who is offering thousands of dollars in exchange for access credentials, can you trust your
employees to refuse to participate?
The remaining one-quarter of these attacks were unwittingly cased by human error, such as the
employee who downloads a suspicious file, unleashing malware through the system.
Insider threats are so pernicious because they come from the inside — where your threat
mitigation tools aren’t searching. This means insider threats go undetected for a long time,
causing significant harm, since you’re not looking within for threats. Attempts to check insider
threats through stricter security policies can backfire by decreasing employee satisfaction and
productivity.
Perhaps the best course forward for financial firms is to focus on the most valuable assets,
place them behind a firewall, add robust defenses, and monitor traffic 24/7. Strengthening
access control measures, for example by deactivating the access of terminated employees
effective immediately, can reduce the chances of a malicious insider attack.
5. Emerging Technology Brings New Threats
Last year brought the largest Distributed Denial of Service (DDOS) attack via the Internet of
Things (IoT). In the attack, unsecured IoT devices were hacked to bring havoc on the internet.
The proliferation of IoT devices — from fitness monitors and tablets to smart home devices or
intelligent personal assistance — adds complexity and new threats for all businesses, including
financial institutions.
Financial institutions should take DDoS threats seriously because of the potential for customer
panic. Imagine that a similar IoT hack brings down your website via DDoS. Customers are
unable to log on to their bank accounts or use your app, so they’re unable to access their
money until the attack is under control. This could be a reputational nightmare for your firm.
This fall, senators introduced a new measure aimed at decreasing the cyber risk in the Internet ofThings. The bipartisan legislation would mandate device manufacturers to meet minimum
cybersecurity requirements, such as enabling device patching to address vulnerabilities or
allowing users to change the default password. If passed, this legislation would reduce the
immense risk of IoT devices; however, financial institutions must protect their assets.
Find Out Your Risk and Get Protected Today
Now that you understand the top risks financial firms face, find out how ready you are for the
next attack; it’s a matter of when, not if. Get penetration testing to see where your institution is
vulnerable and how to protect your data, or set up a free consultation to discuss your concerns.
At I.S. Partners, LLC., we help financial firms understand their risk and protect their data using
best practices. When threats are always changing, your business needs information security
specialists who are working just as hard at finding new ways to protect you. Call us at 215-675-1400 or request a quote to speak with a consultant today.
