Because money is involved, attackers have a lot to gain. And for this same reason, the sector has a lot to lose. Doing nothing is therefore not an option. As attacks become more targeted and more sophisticated, response time has to become faster.
Cyber attack threats to the financial services industry are increasing, but so is the industry’s preparedness to ward off such attacks. There is still, however, a very long road to travel to bring the threats down to the barest minimum. Firms have to invest more, both financially and in terms of knowledge, to protect themselves. They will also have to collaborate more with regulatory bodies and other financial firms, sharing information and working together to mitigate the risks of attacks.
The financial sector cannot afford to do nothing. Neither can it afford to only react to attacks. The sector has to go to all-out war and go on the offensive, anticipating these attacks and working to lessen their threat and impact. Here are some ways in which the sector can become more proactive:
Increasing cyber spending: It costs money to ward off cyber attacks, and financial institutions, whether big or small, will have to follow in the footsteps of larger companies and increase spending on cybersecurity. While this may seem an unnecessary expense for smaller companies trying to get a leg up in the industry, they would do well to consider that a single attack can effectively shut down their business. Increased cyber spending is therefore non-negotiable. In a recent survey, at least 54 per cent of financial services respondents in the US plan to spend more on ensuring security, especially in the mobile channel.
Regulatory focus and sharing of information: Cyber security isn’t a partisan issue, and financial institutions will have to collaborate more with regulatory bodies to collectively share information. While the high-profile cases hit the papers and are well known, there is still a huge problem with smaller cases of cyber crime going completely unreported. In 2015, for example, the Office for National Statistics estimated that there were 2.46 million cyber incidents and at least 2.11 million victims of cyber crime in the UK. Meanwhile, only 716,349 cyber incidents in total were reported to Action Fraud during that same period. Financial service companies need to share information more, both with other players in the sector and with regulatory bodies. This way, they’ll have better visibility into emerging threats, and a greater ability to prepare for them. Most firms have just now realized the benefits of working together and with governmental bodies to prevent cyber attacks. Industry collaboration is expected to grow through avenues such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Systemic Analysis & Resilience Center (FSARC), and Sheltered Harbor.
A better merger and acquisition process: Merger and acquisition activities usually leave financial businesses with patched-together IT networks that are often open to attack. Moving forward, companies undergoing a merger and/or acquisition process need to be better prepared, and work to ensure a seamless process that is less vulnerable to attacks.
Multiple-point verification processes: Not only do financial businesses have to ensure a properly protected network, they also need to ensure that all activities that occur on their networks have multiple-point verification processes to ensure that attackers have a more difficult time getting into their systems. The JP Morgan Chase breach of 2014 was particularly embarrassing because there was no requirement for two-step verification, making the hackers’ job very easy.
Implement new technology: Cyber crime is evolving fast, and this is driving a quickly growing cyber security industry. New technologies such as micro virtualization, for instance, isolate tasks so that if malware enters a particular part of the system it can’t spread anywhere else. It goes without saying that financial companies need to implement new security technology.
Staff training: Businesses need to bring their staff up to speed on how to avoid susceptibility to attacks. For example, 90 per cent of malicious activity starts with an email containing a harmless-looking link that someone clicks. Many attacks still begin with just one compromised endpoint.
Anticipating risks from third parties: Firms must recognize the potential for increased risks when outsourcing, and must collaborate with third-party vendors to make sure they take the right measures to protect their data.
Focusing on cyber security from the very beginning: Companies need to integrate cyber security and privacy from the earliest stages of designing and developing new digital products and services.
Cyber continuity and cyber contingency: Today, almost all financial companies, whether a single office or an international conglomerate, rely more and more on computer systems to function. If the majority of them were attacked today, the reality is that it would shut them down. Firms thus also have to focus on continuity from the word go. Even while being proactive and trying to ward off cyber attacks, the truth is that some firms will still get attacked. This makes it imperative for all financial firms to sit up, take note, plan for the inevitable, and be prepared to get back up and running ASAP if they do suffer an attack.