Banks and other businesses in the financial services industry are prime targets for cyberattacks because of the volume of sensitive information held in customer files, and the shift to online banking and alternative or contactless forms of payment during the pandemic increased that exposure. Now a new wave of embedded finance, Banking as a Service (BaaS) and other financial technology (FinTech) software is emerging to make online transactions easier for customers, but it also widens the attack surface. In August, Advanced Technology Ventures, a venture capital firm with more than $1.8 billion in assets, was hit by ransomware, and the attackers stole the personal information of the company's private investors.
Along with the growing threat, financial institutions must also adhere to regulatory compliance requirements such as the Gramm-Leach-Bliley Act (GLBA) or risk regulatory fines. For instance, the 2019 data breach affecting roughly 100 million Capital One customers led to an $80 million fine from the Office of the Comptroller of the Currency for the bank's "failure to establish effective risk assessment processes."
According to a
report by the Boston Consulting Group, financial services firms are 300 times as likely as other companies to be targeted by cyberattacks including phishing schemes, ransomware and other malware attacks, and even insider threats. Because of this, financial
institutions must take a more proactive approach to cybersecurity or risk devastating data breaches. Financial institutions can take the following steps to ensure their organization is protected, while continuing to adhere to regulatory compliance.
Detect and Manage Threats
Implementing continuous monitoring and threat detection capabilities is essential for bridging the glaring security gaps many banks and financial institutions face. Ransomware is often not a one-time event; the same company can be hit again if the initial access path is never found and closed. Whether or not an organization has already had an incident, it should monitor the full range of networks and applications across its IT landscape continuously rather than relying on periodic assessments. With that constant visibility, a company can tell whether it is currently compromised instead of assuming it is secure between assessments.
It is increasingly important for financial organizations to build a strong foundation by adopting endpoint detection technologies and other security solutions and processes that formalize their ability to detect attacks at the earliest possible stage. These technologies help in several ways: providing context for anomalous behavior, flagging known indicators of compromise, and accelerating detection and response. Detection alone, though, does not stop an attack. Once suspicious activity that could indicate the early steps of an attack is detected, the organization needs controls in place to stop further activity, such as isolating the affected host or blocking the source address, and an incident response plan to contain and recover from the incident.
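The three capabilities above, flagging known indicators of compromise, giving context to anomalous behavior, and mapping an alert to a containment control, as an added example in Python. This is not code from the original article or from any vendor product; the log format, the IOC values, the detection thresholds and the action names are all assumptions made for the example, and the log lines are constructed.

```python
"""Detection logic over constructed endpoint and authentication log lines.
Added example (not code from the article): flags known IOCs, adds context to
anomalous behaviour, and maps alerts to a containment action. Log format,
IOC values, thresholds and action names are assumptions for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicators keyed by the log field they match: hypothetical
# values, not real threat intelligence.
IOCS = {
    "src": {"203.0.113.45"},
    "sha256": {"4f2b8d0e1c7a9b3d5e6f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d"},
}

# Constructed log in an assumed "<timestamp> <host> <event> key=value ..." format.
SAMPLE_LOG = r"""
2024-03-01T09:00:01 ws-017 auth user=alice src=203.0.113.45 result=fail
2024-03-01T09:00:02 ws-017 auth user=alice src=203.0.113.45 result=fail
2024-03-01T09:00:03 ws-017 auth user=alice src=203.0.113.45 result=fail
2024-03-01T09:00:04 ws-017 auth user=alice src=203.0.113.45 result=fail
2024-03-01T09:00:05 ws-017 auth user=alice src=203.0.113.45 result=fail
2024-03-01T09:00:06 ws-017 auth user=alice src=203.0.113.45 result=success
2024-03-01T09:01:10 ws-017 process name=upd.exe sha256=4f2b8d0e1c7a9b3d5e6f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d
2024-03-01T09:01:11 ws-017 file op=rename path=C:\Users\alice\Q1.xlsx new=C:\Users\alice\Q1.xlsx.locked
2024-03-01T09:01:11 ws-017 file op=rename path=C:\Users\alice\Q2.xlsx new=C:\Users\alice\Q2.xlsx.locked
2024-03-01T09:01:12 ws-017 file op=rename path=C:\Users\alice\loans.docx new=C:\Users\alice\loans.docx.locked
2024-03-01T09:01:12 ws-017 file op=rename path=C:\Users\alice\kyc.pdf new=C:\Users\alice\kyc.pdf.locked
2024-03-01T09:01:13 ws-017 file op=rename path=C:\Users\alice\notes.txt new=C:\Users\alice\notes.txt.locked
2024-03-01T09:05:00 ws-042 auth user=bob src=198.51.100.7 result=success
2024-03-01T09:05:30 ws-042 file op=rename path=C:\Users\bob\report.docx new=C:\Users\bob\report-final.docx
"""

def parse_log(text):
    """Turn each line into a dict: ts, host, event plus the key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts), "host": host, "event": event}
        rec.update(f.partition("=")[::2] for f in fields)  # (key, value) pairs
        events.append(rec)
    return events

def match_iocs(events):
    """Known-bad value in any indicator field; one alert per (rule, host, value)."""
    hits = {}
    for e in events:
        for field, bad in IOCS.items():
            if e.get(field) in bad:
                key = ("ioc_" + field, e["host"], e[field])
                hits.setdefault(key, {"rule": key[0], "host": e["host"], "ts": e["ts"],
                                      "context": {field: e[field], "user": e.get("user"),
                                                  "name": e.get("name")}})
    return list(hits.values())

def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Success after >= threshold failures for the same (src, user) within window."""
    fails, alerts = defaultdict(list), []
    for e in events:
        if e["event"] != "auth":
            continue
        key = (e.get("src"), e.get("user"))
        if e.get("result") == "fail":
            fails[key].append(e["ts"])
        elif e.get("result") == "success":
            recent = [t for t in fails.pop(key, []) if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_success", "host": e["host"], "ts": e["ts"],
                               "context": {"src": key[0], "user": key[1], "failures": len(recent)}})
    return alerts

def detect_mass_rename(events, threshold=5, window=timedelta(seconds=60)):
    """Many renames on one host to a single new extension within window:
    the early footprint of ransomware encrypting files in place."""
    recent, alerts, fired = defaultdict(list), [], set()
    for e in events:
        if e["event"] != "file" or e.get("op") != "rename":
            continue
        host, ext = e["host"], e.get("new", "").rsplit(".", 1)[-1]
        recent[host] = [(t, x) for t, x in recent[host] if e["ts"] - t <= window]
        recent[host].append((e["ts"], ext))
        exts = {x for _, x in recent[host]}
        if len(recent[host]) >= threshold and len(exts) == 1 and host not in fired:
            fired.add(host)  # one alert per host, not one per additional rename
            alerts.append({"rule": "mass_rename", "host": host, "ts": e["ts"],
                           "context": {"count": len(recent[host]), "extension": ext}})
    return alerts

def detect(log_text):
    events = parse_log(log_text)
    return match_iocs(events) + detect_brute_force(events) + detect_mass_rename(events)

def containment_actions(alerts):
    """Detection alone does not stop the attack: map each alert to a control.
    Action names are placeholders for whatever the EDR or firewall API exposes."""
    actions = set()
    for a in alerts:
        if a["rule"] in ("ioc_src", "brute_force_success"):
            actions.add(("block_ip", a["context"]["src"]))
        if a["rule"] in ("ioc_sha256", "mass_rename"):
            actions.add(("isolate_host", a["host"]))
    return actions

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["rule"], a["host"], a["context"])
    print("containment:", sorted(containment_actions(found)))
```

Run against the constructed log, the IOC rules fire on the known-bad source address and file hash, the behavioral rules fire on the five failed logins followed by a success and on the burst of renames to a single new extension, and the benign activity on ws-042 produces nothing. The containment mapping is deliberately coarse; in production the same alert context (host, source, user, count) is what an analyst or an automated playbook needs to decide whether to isolate or block.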
Backup and Disaster Recovery
According to the National Cyber Security Alliance, 60 percent of small and midsize businesses that experience a hack go out of business within six months. Because attacks have such a significant impact, backup and disaster recovery planning helps businesses recover quickly from attacks such as ransomware. As one of the simplest forms of disaster recovery, a backup stores essential company data off-site so it can be restored if an attack disrupts the business; at least one copy should be offline or in immutable storage, so that an attacker who gains administrative access to production systems cannot delete or encrypt it along with everything else. Backups also need to be verified, both by checking their integrity and by periodically performing test restores, because a backup that turns out to be incomplete or corrupted is discovered at the worst possible moment. With good, verified backups, an organization may be down for only the few hours required to restore from backup.
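What "verified" means in practice, as an added example in Python that is not code from the original article: a SHA-256 manifest taken at backup time, an HMAC over that manifest with a key that is assumed to be kept off the backup host, and a restore-time check that reports missing, modified and unexpected files. The directory layout, file contents and key are constructed for the demonstration, and the ransomware is simulated by overwriting and renaming files in the live copy.

```python
"""Backup integrity manifest and restore verification.
Added example, not the article's own code. The tree, its contents and the
HMAC key are constructed here; in real use the key lives somewhere the
backup host (and therefore an attacker on it) cannot read."""
import hashlib
import hmac
import json
import os
import shutil
import tempfile

CHUNK = 1 << 16

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest

def sign_manifest(manifest, key):
    """Canonical JSON plus HMAC-SHA256, so a regenerated manifest is detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def load_manifest(body, tag, key):
    """Refuse to trust a manifest whose tag was not produced with the key."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest signature mismatch: do not trust this backup")
    return json.loads(body)

def verify_tree(root, manifest):
    """Compare a directory against a manifest and return the differences."""
    current = build_manifest(root)
    missing = sorted(p for p in manifest if p not in current)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    extra = sorted(p for p in current if p not in manifest)
    return {"missing": missing, "modified": modified, "extra": extra,
            "ok": not (missing or modified or extra)}

def demo():
    """Back up a constructed tree, simulate ransomware on the live copy, verify."""
    key = b"constructed-demo-key-stored-off-the-backup-host"
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(live, "ledger"))
        with open(os.path.join(live, "ledger", "q1.csv"), "w") as f:
            f.write("account,balance\n1001,250.00\n")
        with open(os.path.join(live, "notes.txt"), "w") as f:
            f.write("quarterly close checklist\n")

        # 1. Take the backup and record a signed manifest of what was copied.
        shutil.copytree(live, backup)
        body, tag = sign_manifest(build_manifest(backup), key)

        # 2. Simulate ransomware on the live tree: one file overwritten and
        #    renamed, another overwritten in place.
        q1 = os.path.join(live, "ledger", "q1.csv")
        with open(q1, "wb") as f:
            f.write(os.urandom(64))
        os.rename(q1, q1 + ".locked")
        with open(os.path.join(live, "notes.txt"), "wb") as f:
            f.write(os.urandom(64))

        # 3. Verify: the backup still matches the manifest; the live tree does not.
        manifest = load_manifest(body, tag, key)
        results = {"backup": verify_tree(backup, manifest),
                   "live": verify_tree(live, manifest)}

        # 4. A manifest regenerated by an attacker without the key is rejected.
        forged = json.dumps(build_manifest(live), sort_keys=True).encode()
        try:
            load_manifest(forged, hashlib.sha256(forged).hexdigest(), key)
            results["forgery_rejected"] = False
        except ValueError:
            results["forgery_rejected"] = True
        return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The signed manifest is the part most backup setups skip. A checksum list stored beside the backup only detects accidental corruption; an attacker who can encrypt the backup can also rewrite that list. Keying the manifest with a secret held elsewhere turns integrity verification into something the attacker cannot quietly satisfy, and the same `verify_tree` check doubles as the pass/fail criterion for scheduled test restores.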
Planning for potential disruptions saves an organization not only valuable time but also significant amounts of money in lost revenue, damaged credibility and recovery services. A recent report put the average total cost of recovering from a ransomware attack at close to $2 million. Creating the plan before a disaster takes place also puts organizations in a better position to refuse to pay a ransom, because they can resume operations from their own backups. A solid disaster recovery capability can reduce a cyberattack to a minor disruption rather than an event that ends the company.
Security Leaders Should Report Directly to CEO
Security leaders in financial organizations should report directly to their CEOs and board of directors to ensure security is aligned with the larger business objectives. Just 7% of security leaders report directly to the CEO, according to a
recent study from Ponemon Institute and LogRhythm. This reporting structure allows security leaders to directly communicate potential threats to the organization, mitigate risks
and influence each function in the organization to create greater security awareness.
Now more than ever, the financial industry must take a proactive approach and invest in cybersecurity solutions that automatically detect malicious behavior and block further access attempts. These steps not only protect companies and the customers they
serve but also ensure financial organizations are adhering to regulatory compliance.
Companies must create an incident response and disaster recovery plan that’s updated regularly to properly prepare for external threats and align their plans with the C-suite's overarching business goals.