Financial sector and breaches: best practices for staying secure
November 2016 | EXPERT BRIEFING | RISK MANAGEMENT
There is no doubt that hacks are on the rise, especially in the financial sector, which has become an increasingly attractive target. In recent years there has been a spate of attacks against banks, which have resulted in the theft of remarkable amounts of either data or money.
In the age of ‘Big Data’, cyber criminals can compromise almost any type of personal information. As technology evolves, the number of routes for cyber criminals to gain access to this information is growing rapidly. Cyber attacks are also increasing due to more financial organisations using the cloud, adopting bring your own device (BYOD) policies and using other connected objects.
Reasons behind attacks
The cyber crime landscape is always changing. With attacks against financial organisations on the rise, IT security professionals in the industry often find it difficult to respond or stay one step ahead. Today there are many different forms of hacks and cyber attacks against banks and the wider industry; equally, there are many different reasons behind these attacks.
State-sponsored cyber attacks are often considered the new form of interstate spying and are often aligned with either the political, commercial or military interests of the country of those carrying out the attacks. State-sponsored attacks can often be difficult to uncover, as they do not typically cause too much disruption. Usually the perpetrator will deploy malware on the victim’s systems that often remains dormant, staying invisible for long periods of time.
Insider threats are probably the biggest risk to the financial industry, with 64 percent of security professionals saying insider threats occurred more frequently in 2015. Insider threats are attacks carried out – both accidentally and maliciously – by those within an organisation, be they employees, contractors and third parties, or disgruntled ex-employees.
Insider threats can be difficult to detect. Despite the increasing risk associated with them, many organisations do not give them as much focus, or put the necessary controls in place, as they do with external attacks.
External attacks are another key security concern for banks. Simply, these are attacks by anyone outside of an organisation. However, beyond that, the reasons behind external attacks can differ greatly – state-sponsored attacks are just one example. More usually, external hackers are simply cyber criminals out for personal financial gain.
Hacktivists are another form of external attacker, one who has a perceived ideological or moral purpose for carrying out the attack. Arguably, the most famous example of a hacktivist group is Anonymous.
Impact on financial institutions
Financial organisations can suffer disastrous consequences as a result of hacking. The initial damage that has to be dealt with is the damage to reputation. After an attack, customer and partner trust in an organisation can deteriorate rapidly, leading to a loss in business opportunities. This in turn can have a severe impact on an organisation’s finances, with customers looking elsewhere and money being spent on retroactive action and even fines.
However, over time reputations can be repaired, to a certain extent. Fixing the underlying problem, though, presents a far greater, ongoing challenge. After a breach, financial organisations will face constant scrutiny from board members and auditors to ensure that the same does not happen again. This alone puts IT departments under extra stress to ensure complete security.
It is almost inevitable that industry confidence will erode with each high profile breach. Our research shows that organisations in the UK are overconfident when it comes to security breaches; this is in spite of the exponential growth seen in the number of recorded breaches in recent years. While the financial industry is one of the most regulated, until there is stringent enforcement to disclose a breach, no one will know how many attacks are truly taking place.
What can businesses do to mitigate risk?
All financial organisations, regardless of size, are at risk of a cyber attack. The biggest mistake an organisation can make is to believe a breach simply will not happen to them – zero risk does not exist in today’s world. However, there are simple steps organisations can take to minimise risk.
Security policy and employee education. Financial organisations need to ensure that comprehensive security policies and employee education programmes are in place. The policy should outline the responsibilities of everyone on the team and the process for reporting suspicious activity. Security software needs to be in place and up to date so that risks are constantly being monitored.
Data protection. Providing the same level of security to all of your data can be difficult and can often lead to holes in your data protection that can be exploited by hackers. To lessen this risk, it is crucial for organisations to focus on their most important and sensitive data. The tightest security controls should be placed around this data to ensure it is properly secure.
Access control. Knowing who has access to your data – especially the most sensitive data – is a key factor in keeping it safe. Access must be tightly controlled and only granted to those that need it. In addition, the IT department needs to keep a close eye on the access taking place, so they will be able to spot when anomalies occur and take appropriate action. Similarly, when employees or third parties leave an organisation, it is crucial that their accounts and associated access are shut down immediately. Dormant accounts are one of the easiest ways for cyber criminals to gain access to an organisation’s IT systems.
Identity and access management. Key to implementing these security practices is a comprehensive identity and access management system – which is essential for both large and small organisations. It represents the foundation of a secure system. Organisations can spend time and money securing parts of their applications or networks, but it is having unparalleled knowledge of who their users are and being able to control their levels of access that will provide the necessary security.
With insider threats seemingly a main source of security breaches today, identity and access management is the cornerstone of preventing unauthorised access to sensitive company data. Without a comprehensive security policy and identity and access management system, financial organisations are leaving themselves open to security breaches.
Thierry Bettini is the director of international strategy at Ilex International. He can be contacted on +44 (0)203 741 9560 or by email: firstname.lastname@example.org.
© Financier Worldwide