The Financial Conduct Authority (FCA) recently reported that British financial services companies saw a fivefold rise in data breaches in 2018, compared with the year before. As the number of threats continues to increase, a number of financial institutions face a stark reality. If they lack confidence in their ability to manage their current threat level, their problems may be about to get worse!
An article in Global Banking and Finance Review looks at what may be in store for financial institutions in the coming year.
As the article explains, the story of cybersecurity within the financial services industry for 2020 will be one of financial institutions (FIs) placing greater scrutiny on their existing security environments, and trying to ensure that they have the strongest foundations to help them weather any cyber storms that may occur.
Security of third-party environments will tighten
Monitoring third parties’ cybersecurity is a growing concern for banks. It’s only logical that if a bank lacks full visibility of all its network entrance and exit points, it is putting its entire infrastructure at huge risk. Third parties are already dividing banks’ security environments, and this isn’t likely to end soon.
As the article points out, the mounting pressure on FIs to achieve a complete understanding of their vast network infrastructure, and to secure their increasing portfolio of third-party environments, needs to be at least partly resolved in 2020. To deal with this issue, it’s necessary for FIs to meticulously investigate their APIs and consolidate their security architectures so they have an improved awareness of the risks that face their business.
Cloud misconfiguration leads to confusion
Banks have welcomed cloud technologies with open arms. Cloud as a platform is now being used to cope with the surge in big data, improve operational efficiency and develop banking platforms. FIs are especially interested in how rapidly cloud services can be integrated alongside existing operations.
However, as banks try to roll out cloud services as quickly as possible, security is being deprioritised in the rush to spin up new IaaS cloud environments. This has resulted in fresh risks being created through access point misconfiguration. If FIs don’t make sure that security underpins all cloud initiatives, it’s likely that the propagation of these types of risks is only going to increase next year.
Legacy technology leaves a bad taste
Financial organisations are constantly being held back by their often-archaic legacy technology. One sector that will be especially vulnerable in 2020 is the ATM industry. The bulk of their operating systems rely on Windows 7, which will no longer be supported by Microsoft as of January 14.
Processes and people factors
Banks aren’t immune to the ongoing cybersecurity skills crisis. But as they fight to keep members of their security team on board, there is an absence of staff to keep on top of basic tasks such as vulnerability patching. Despite endeavours to use technology to more effectively manage these tasks, there is still a surprising over-reliance on manual processes throughout the sector.
Throughout 2020, FIs will need to find fresh means of utilising their existing resource more successfully. This can be achieved through readjusting workloads based on detailed threat intelligence, automating more processes and with greater frequency, consolidating activities, combatting organisational silos, or a combination of all these.
Remember bitcoin? At the start of this year, the propagation of cryptominers was a primary concern for many FIs. But as cryptocurrency has declined in value, so too has the popularity of mining malware. Criminals are profit-driven, and the most profitable tactics for them now are their old favourites: botnets and ransomware.
In response to this threat, banks must prioritise operational resiliency. Right now, many organisations are encumbered by a bloated collection of point products. To increase efficiency and better deal with the changing threat landscape, many are seeking to consolidate their cybersecurity solutions in 2020.
Summing up, the article suggests that 2020 isn’t going to be easy for CISOs operating in the financial services sector. And, as talent remains scarce and threats multiply, banks must be sure to invest in the technology that can keep them abreast of the most critical security issues facing their organisation.
The full article is available via the link.