Posted on February 7, 2023
Want to interview Gerry?Contact
It should come as no surprise that banks and other financial services companies are favorite targets for hackers and cyberthieves. After all, that’s where the money is.
As cash in bank vaults has been replaced by ones and zeros in the same companies’ databases, bank robbers have also moved online. No need to run the risk of a face-to-face meeting with security guards or police when robbing a bank. Cybercriminals now can attempt to rob banks from the comfort of their own living room couch.
Despite FinServ being a relatively small sector that, employing only 5% of the US workforce, the industry’s businesses are targeted for cyberattacks at a disproportionately high rate. The Congressional Research Service (CRS), part of the Library of Congress, provides policy and legal research and analysis services for the American legislature. Their recently released report on financial cybersecurity estimates that 25% of all malware attacks target financial services companies. A study conducted by Deloitte confirms the industry’s high levels of cyber risk: Two out of three financial industry Chief Information Security Officers (CISOs) that were surveyed reported that their organizations experienced up to ten cyber incidents or breaches in 2020-2021.
In addition to being targeted at a very high rate, FinServ cybercrime costs are the highest across all industries. The CRS puts the average per-company cost of cybercrime at over $18 million per year for financial services companies – 40% higher than the $13 million average cost for all sectors.
The CRS report breaks out two distinct types of risk from cyberattacks. Operational risk, such as a ransomware attack that locks up the company’s data or a DDoS attack that shuts down its servers, limits or obstructs the organization’s ability to provide service. Operational issues are obviously most acute during an attack and in its immediate aftermath.
The second and potentially greater risk in the long term is reputational risk. Few individuals or businesses will choose to keep their money or investments with a bank, credit union or other FinServ firm that cannot protect critical customer data and assets. Fewer still will opt for that bank when seeing new services.
Beyond the ramifications of cyberattacks on individual banks, brokerages, investment houses and other financial service companies, the US government is concerned about a third sort of risk – systemic risk: The financial sector is so highly interconnected that a major cyberattack on one bank or payment network could have devastating ripple effects on other firms.
Numerous factors contribute to growing cyber vulnerability in the financial sector. Here are three:
The financial sector IT environment will continue to grow more complex over time. The risk factors cited above – in addition to the 35-year history of cyberattacks – provide ample evidence that financial firms will remain vulnerable to cyber risk. Taking a few crucial steps, however, can add vital protection for FinTech firms.
First, financial service organization must commit to eliminating no-longer-effective perimeter security solutions and to adopting a Zero Trust security approach instead. Verifying the identity and security posture of every user, device and resource enables faster detection of malicious activity or the presence of unauthorized parties. Enforcing least privilege access controls limits the reach of malicious agents and protects sensitive data from exposure in the event of a breach.
The security software platforms of Secure Access Service Edge (SASE) solutions, such as ZTEdge, are designed from the ground up to address today’s complex hybrid environments in which many employees work from home, many IT resources and apps operate in the cloud, many 3rd parties and contractors need to access corporate IT resources, and a growing number of public-facing apps enable customers to self-serve.
ZTEdge includes essential solutions like ZTNA to deliver secure clientless access to an organization’s apps and data from unmanaged and BYOD devices. Web Application Isolation (WAI) protects apps from unmanaged device risk while enforcing policy-based controls on what apps each user can access, what data they can access, and what activities they can perform. It also includes policy-driven data loss prevention (DLP) controls to restrict browser upload, print and copy/paste to user devices or shadow IT. WAI also cloaks public-facing app surfaces to protect them from threat actors seeking vulnerabilities to exploit.
Based on sophisticated isolation technology that airgaps both user devices and the business’s apps from the dangers of the web, ZTEdge solutions protect against phishing, credential theft and malware infiltration via IMs, virtual meeting solutions and malicious attachments.
Banking has entered a new era and threat actors have not lagged behind. Contact us now to learn how your financial institution can leverage Zero Trust protections to guard against today’s most dangerous cyber risks.
QR codes on ads are a simple way to grab potential customers before they move on. No wonder cybercriminals are using QR codes, too.
Malicious cyber activity represents a growing threat to Australia's security and prosperity. Read on for important guidance on protecting your organization.
Risk assessment is a key factor in investment decisions. Now, with SEC disclosure rules in effect, investors can more easily take cyber risk into account.