More than 80% of risk management executives in the financial services industry say emerging cybersecurity risks take more of their time than ever before, according to a recent Accenture study. “As attacks become more sophisticated and frequency increases, financial institutions are in the crosshairs.”
Although cybersecurity expenditures have increased, companies remain exposed to harm because the “threat gap,” the space between dollars spent in preventive measures and risk, continues to grow.
In other words, threats are increasing faster than solutions.
One challenge is that consumers demand anytime access, and providers have not caught up with the risk-prevention measures necessary to accommodate this greater accessibility.
“Banks need to take a broader, intelligence-based approach to cybersecurity,” the report notes. “This will include consideration of geopolitical activities, risk presented by third parties, and ‘exposed insiders.’”
Further, “for success over time, cybersecurity needs to be baked into the business—products, services, and digital investments” that nurture growth while providing protection.
Institutions that do not adopt this tenet risk their competitiveness.
This week, an examination of cybersecurity trends, evolving threats, and suggestions to help you keep a step ahead of fraudsters.
‘There is no security on this earth; there is only opportunity.’ --Douglas MacArthur
“Small Banks Face the Greatest Risk from Hackers,” says The Boston Globe. Smaller institutions are at greater peril because of “less robust security” and are thus more ready targets for trouble.
Due to the interconnected nature of banks, a community bank that is compromised could impact other banks, “spreading like a virus and threatening the security of and confidence in the banking system.”
Although smaller institutions do not offer the magnitude of reward fraudsters realize in larger venues, they will provide entry to the system where a large amount of damage can be done.
Cybersecurity protection is an expensive proposition. IDC Research says by 2020 businesses will spend $101.6 billion to thwart cybercrime, up 38% from $73.7 billion spent in 2016.
It is expected that in 2016, the banking industry will have been the biggest cybersecurity spender, at $8.6 billion.
‘Distrust and caution are the parents of security.’ --Benjamin Franklin
An examination of cybersecurity trends will help illustrate the variety of threats and justify security expenditures. Are you prepared to confront the issues?
Insurance Journal enumerates “6 Cyber Security Trends to Watch in 2017.” They are:
1. More ransomware; as much as a “10-fold increase.” Previous demands may have been $5,000 to $10,000. The FBI has suggested that payment might be the best choice, but smaller companies can’t meet demands. Costs beyond payment include repairs, lost revenue, and investigation.
2. Regulatory enforcement will be at the forefront, requiring financial institutions to meet increasingly complex compliance requirements.
3. “Trickle-down effect” as criminals gain entry via the “weakest link,” putting smaller entities at greater risk.
4. Malware and viruses get updated and bypass existing protections. Further, they may remain undetected for a greater amount of time.
5. Increasing crime market as the “dark web” gains prominence and consumers provide more private data.
6. “Sophisticated market manipulation” as participants engage in insider trading.
BeyondTrust adds to the list with “Ten Cyber Security Predictions for 2017.” Among them: attacks in the cloud will become more prevalent, compliance demands will require updated hardware and electronic devices, and fraud-fighting behavioral trackers will be important innovations (think facial recognition and measuring typing speed).
In a final exploration of problems, Inc. lists “4 Cybersecurity Threats You May Be Overlooking:”
‘People want security in this insecure world.’ --David Bailey, photographer
Despite the complex and burdensome issues surrounding fighting cybercrime, there are steps you can take to improve your security.
Begin with analysis of your circumstances. According to complianceandethics.org, consider your ability to recognize risk and conduct annual risk assessments to detect areas of weakness.
Also, determine whether you have adequate cyber insurance and a response plan that has been tested.
Finally, ask who is responsible for managing breaches and take note of your data breach response vendor.
“About half of companies… have hired a full-service vendor to manage their large-breach response efforts,” and “nearly three in four respondents indicated a preference for a single vendor to handle all the services,” the article notes.
In greater examination of the cybersecurity strategy, Security Magazine outlines “10 Steps to Building a Better Cybersecurity Plan.”
Morgan Stanley argues that in light of escalating cybersecurity problems, “what’s needed now isn’t more security, but better security.”
This requires a paradigm shift.
Increasingly, “defense in depth” is the approach. A Morgan Stanley survey of chief information officers revealed the majority had either already purchased or planned to buy 15 types of technology.
“While some level of redundancy is needed, this strategy is overly complex and relies largely on human judgment,” the article notes. Security expertise is hard to find, and companies need to be able to distinguish between real and false threats.
Integrated solutions may provide some relief as “baked in” security becomes standard in the cloud and devices.
Also, growth in the Internet of Things will enable greater safety as “embedded-chip security [is] applied in many more verticals.”
A PwC survey says managing threats demands expertise in four areas: collection of meaningful intelligence in real time; determining the repercussions of such intelligence on the organization; identification of activity to lessen threats; and fast response with appropriate legal, technical, and operational actions.
Understanding cyber threats and your abilities to detect and respond to them is especially important to financial institutions.
However, despite financial institutions’ large expenditures in this area, Forbes says “The financial sector has lagged behind. Online banking platforms are built on top of an infrastructure that is still heavily reliant on paper and human interaction, leaving it prone to loss, error, and social engineering techniques.”
Consider the potential for human error in your cybersecurity efforts. It may be an area of vulnerability you’ve not fully examined while focusing on technology’s shortcomings and advantages.