28 May 2018
Breana Patel - Bonova Advisory | Risk & Regulatory Advisory

Finextra community

Business Knowledge for IT

This community aims to provide links, resources, book suggestions, tips and insights to facilitate learning and development of IT professionals in financial services, and to develop a forum for IT professionals to exchange views on various related items.

Risk of Misunderstanding Cyber Security

19 January 2018  |  8820 views  |  0

The financial services sector has been through tremendous adversity since the Great Recession. Institutions have emerged from the financial crisis only to find tougher regulations and constant threats from cyber attacks. In fact, these recent cyber attacks and data breaches are changing the way banks operate and view risk.


The cost of cybersecurity breaches for the financial services industry includes not only financial losses but also damage to reputation and a reduction in customer confidence, as in the case of Wells Fargo. Repeated security breaches can severely impact the long-term health of a financial institution. Understanding these threats, identifying them, and implementing strategies to mitigate damage are essential for the financial well-being of an institution.

An Enterprise-Wide Approach To Cyber Security

Cyber risk can often be considered a non-traditional risk to an institution. However, in reality, cyber risk should be treated as any other risk to an institution. Cyber risks should be part of the enterprise risk management at a holistic enterprise-wide level just like credit, market, operational and liquidity risk.

Reacting To Cyber Threats Is A Risk In Itself

Financial institutions must take a proactive stance when it comes to cybersecurity. Investing in new technologies is an important part of an enterprise-wide solution. Using those technologies proactively to identify, understand and prevent cyber attacks is critical. This holistic approach involves monitoring, testing and experimenting to identify risks. A cyber defense policy should be proactive rather than reactive, as threats are always changing and becoming more sophisticated. As the threats evolve, so too does the regulatory landscape. Consistent testing and monitoring can not only prevent attacks but also prevent costly compliance violations.

Traditional Testing Fails In Detecting Cyber Threats 

Although it’s important to test and monitor for cyber threats, an over-reliance on traditional testing techniques can be a risk in itself. Traditional testing relies on stress testing models: statistical models that forecast the amount of capital or liquidity needed to cover losses in the event of stress. Cyber risk is not statistical. A cyber threat is random and malicious and doesn't happen in a predictable statistical fashion.

For cyber risk management, information security and identifying vulnerabilities in IT systems are of paramount importance. For example, identifying anomalies in a bank’s network traffic might help to home in on and prevent a cyber attack.

Look Within For Breakdowns In Cyber Security

Many financial institutions’ security breaches are the result of an employee’s actions, albeit in most cases by accident or as the result of poor training. Whether it’s negligence in following security measures or inadequate training in identifying and preventing cyber threats, the human element of cybersecurity is a critical component of the enterprise-wide solution. Proper training in security threat identification and threat monitoring should be embedded in a holistic internal program that’s standardized throughout the institution. Proper and consistent training can help eliminate a silo-driven mentality and gaps in security.

Old Systems Habits Die Hard

The most common data breaches in the financial industry are due to the lack of two-factor authentication. Institutions are still using the username and password combination for authentication as the primary access to their system. In 2015, 63% of confirmed data breaches were caused by a password-related hack or theft. In short, cybercriminals are using old vulnerabilities to gain access to data and financial information.

Investing In New Technologies

Investing in technologies that facilitate an institution’s enterprise-wide data visualization strategy can help identify and prevent threats from the outside and inside.

Some banks have begun using biometric authentication at ATMs. Other banks are exploring voice authentication methods. Citigroup has already registered 250,000 customers under its voiceprints system, which identifies customers quickly when they call the bank’s customer service center.

MasterCard has created what they call selfie-pay which uses face recognition software to approve online purchases in parts of the U.S. 

In all of these cases, the recognition will be matched to reference data within the institution, placing increasing importance on a holistic approach to investing in data management.

Over-Reliance On The IT Team

Cyber threats and security affect the entire institution, not just the IT department. Cyber risk management is far more efficient with a top-down approach across the whole enterprise, including the IT department. If an institution is over-reliant on its IT department and, as a result, uses a silo-driven method of identifying and thwarting potential threats, it is likely to be vulnerable to cyber attacks and regulatory violations.


A successful enterprise risk management approach to cyber security creates a transparent view on a holistic level of emerging cyber risks, gaps and vulnerabilities in the existing legacy systems, and helps to identify potential threats and security concerns.

By visualizing cyber threats across the entire enterprise, new technologies can be implemented, employee training enhanced, and threat monitoring techniques can be updated continuously to prevent data breaches, cyber attacks, and ultimately financial losses and regulatory violations.  

