Of all the industries targeted by cyber-attackers, financial services is one of the most attractive. As noted bank robber Willie Sutton once said, “Go where the money is … and go there often.” That, it seems, is what cybercriminals are doing, launching malware, Trojans, spear phishing and ransomware attacks at banks and institutions to compromise networks and gain access to valuable data.
According to a recent report based on findings by security ratings firm SecurityScorecard, three-quarters of the top 20 U.S. commercial banks are infected with malware and 95 percent have a Network Security grade of “C” or below.[1] And nearly 1 in 5 institutions use an email service provider with “severe security vulnerabilities,” according to the report.[2] Those statistics prove financial institutions must strengthen their security profile through a combination of technology, effective security habits and employee education about data security and cyberthreats.
CISOs and CIOs are well aware of the growing problem of cyberthreats and are taking steps to better defend their networks. Many are finding success doing “basic blocking and tackling,” according to a Deloitte study,[3] to lock down their systems and maintain a strong internal network stance. But mobile, cloud and other technologies designed to improve the customer experience are creating additional attack vectors—and making it even more difficult to protect their networks from attack.
Internal systems also continue to suffer from targeted attacks such as spear phishing and ransomware, as employees unwittingly open infected emails containing malware or are tricked into providing confidential information. Distributed denial-of-service attacks remain a significant risk to financial institutions as well, bringing down networks and reducing their ability to conduct business, which ultimately impacts their bottom line.
Third-party networks, too, have the potential to compromise the security of a financial institution’s network. Vendors, partners and even customers can unleash malware on a network simply by connecting an infected device to the network or sending an infected email.
Add to these threats a mixed bag of sometimes confusing regulatory requirements across geographies, comprising state, federal and international regulations, and the issue of maintaining security in financial services is suddenly that much more complex.
Financial institutions must manage the risk of data at rest and in motion, across international borders and in the hands of their employees—and do so while maintaining the highest security possible and ensuring compliance with myriad regulations.
To be sure, maintaining a secure network among the large and growing number of threats and preserving a strong security posture are daunting tasks. A holistic approach to security is necessary to ensure end-to-end coverage and management.
Financial institutions should consider implementing a comprehensive data governance platform to help illuminate potential attack vectors and threat types. Such a platform should include everything related to security including:
At the heart of any security strategy is a robust network that can support the technologies necessary for comprehensive, integrated security that defends corporate information within the perimeter and beyond. From an expanding network perimeter and new points of entry to increasing app mobility and internal threats, network security measures are pressured to mature as the modern enterprise evolves. Security is a top strategic priority and, as such, should be a holistic undertaking.
Dedicated and broadband connectivity solutions, along with virtual private networks and unified threat management, help financial institutions keep data secure. These, combined with robust firewall technologies, provide a solid foundation for strong security. Financial institutions should look for a network services provider that can handle every aspect of the network, from provisioning to management, to help them focus on providing services and not on maintaining their network.
When it comes to security for financial institutions, the path is riddled with new and evolving threats as well as regulatory and other pressures. A tough security stance is required. A comprehensive security governance platform, supported by the right network, can help make security a less-daunting task.
[1] “2016 Financial Industry Cybersecurity Report,” SecurityScorecard, August 2016, https://cdn2.hubspot.net/hubfs/533449/SecurityScorecard_2016_Financial_Report.pdf
[2] Ibid.
[3] Sam Friedman, “Taking Cyber Risk Management to the Next Level,” article, Deloitte University Press, June 22, 2016, https://dupress.deloitte.com/dup-us-en/topics/cyber-risk/cyber-risk-management-financial-services-industry.html#endnote-2