The financial services industry is increasingly reliant on multiple digital channels to facilitate business growth. While this provides significant opportunities, it also comes with increasing threats. The industry is now more vulnerable than ever before to attacks from individuals and groups with a range of motives.
Large-scale businesses with high transactional data values are a particular target for organised crime, employees with escalated privileges or, in some cases, governments. The range of tactics is also proliferating, with cyber-attacks, advanced persistent threats (APTs) and the insider threat all posing a significant risk. One example is a growing trend for highly specific spear phishing attacks on senior figures or those who might have enhanced privileges to systems.
The threat from insiders is a particular concern. While the actual ratio of insider threats to external threats is relatively small, the potential impact remains high. Due to the vast array of vendor products on the market claiming to provide the answer to all insider threats, we’re seeing extensive deployment of point solutions that, in reality, don’t have any bearing on the strategy of the financial institution. The result is a security landscape littered with point solutions that are perhaps not best matched to the real issues and business needs.
Rather than relying on plug-and-play vendor solutions, firms would do well to address their internal processes and frameworks first. They must have a solid understanding of their internal users’ normal behaviours and create thresholds for normal and abnormal activities. Users granted high-level system access require particular consideration, as do consultants who may be drafted in temporarily yet have extensive interaction with internal systems. Are the right measures in place to mitigate risk from the access these individuals are granted? Is there a well-managed monitoring programme to ensure risks are prevented on an ongoing basis?
In the information age, firms that don’t have the right approach face reputational damage, compromised intellectual property, and potential losses of high-net-worth individuals from the private banks. They could also be burdened with regulatory fines and financial losses to both the firm itself and its customers. By creating a strategy to identify threats and vulnerabilities, and deploying ways to mitigate them, firms can make better use of their technology and achieve more tangible and meaningful benefits.