23 September 2017
Hella Tobias-Vom Scheidt


Hella Tobias-Vom Scheidt - SAP Germany SE & Co KG


Financial Services: The Cybercrime Playground

05 September 2016

Cybercrime is having a good year. It's been steadily rising up through the ranks, and according to PwC is one of the most commonly reported crimes in the financial services sector. It comes in many forms – phishing, pharming, social engineering, whaling, trojans, hacking, mules, back door attacks, carding, and cyber terrorism to name just a few – and is a main focus for Sibos.

Financial services is a playground for cybercriminals. There's so much opportunity, so many different ways in and so much to gain. It takes a company an average of 146 days to even realise a cyber breach has taken place. Why is the response so slow, and why are financial services so vulnerable as an industry? There are a variety of reasons, but here are three critical ones I'd like to address.

First, many banks are still underestimating the risk. Less than 40% of economic crime in financial services was reported as cybercrime, according to PwC, because financial services haven't always identified and logged the cyber element. This has given banks an inaccurate picture of their true risk. Second, the internet wasn't designed to protect us. It was designed for information sharing with openness and redundancy, not security. And third, while both the volume of data and data sources have been increasing, not only have old technology platforms reached their limits, but even existing SIEM tools lack the ability to identify patterns in real time or take preventative measures.

Cybercrime is now an established business risk – not just a technical one – that requires a co-ordinated business response:

Education at All Levels: The problem is too big and pervasive to remain relegated to the domain of the IT department. Banks need to educate all levels of employees about cyber threats and the different types of cybercrime. (The majority of internal cybercrime is typically committed by junior staff or middle management.) HR can play a strong role in this context of education. All employees should be trained for compliance, which also enables financial institutions to provide evidence of such training to regulators. This should be done at every level.

Culture and Controls: Take a closer look at your controls and processes, particularly with regard to business-as-usual cyber-risk process controls, and the culture that supports them. Make sure you're able to flag, identify and prevent changes that may be inconsistent with set policies around security, and monitor unauthorised changes to settings or any profile changes to sensitive user IDs, for example. Your cybersecurity governance must be enforced consistently and proactively, and it starts with the processes. You also need to focus your efforts on where the most important data resides. Analyse and correlate context across logs and systems, not just expected threats.

Technology and Holistic Approach: Put a modern technology platform in place that's capable of taking a holistic approach to cybercrime. This combines a variety of defences, including business operations, management oversight, and independent audits with sophisticated compliance analytics able to predict and react before anything happens. It's worth remembering that knowledge is power, whether it's coming from your own internal analytics or from co-ordination and co-operation with other financial institutions. Earlier this month, I read an article in the Wall Street Journal about eight of the largest US banks teaming up to tackle cybercrime. This sort of cross-industry collaboration will become increasingly common as the threat of cybercrime continues. 
