Our new digital, tech-driven world is always switched on. It constantly demands more data, more resources and faster response times, with even more tech added to back it up. Staying online and active all year round requires cybersecurity that is strategic, proactive and prepared for the unexpected.
Is it a lack of defences or are cyber criminals getting smarter?
Unfortunately, in the rush to capitalise on tech innovation and growing profit margins, not forgetting the hunger to stay ahead of all competitors, many organisations in the financial world are underestimating cybersecurity risks.
Cyber crime is growing at such a rate that it is often running slightly ahead of any processes the financial industry has in place. To put this growth in context, the FCA (Financial Conduct Authority) received 145 breach alerts in 2018, up from just 25 in 2017.
Investment banks have not been spared: they also saw a tenfold increase year on year, from 3 to 34, while retail banks went from 1 to 25.
“We have seen in recent times, an increase in reports of cybercrime. This could very well be opposed to being fuelled by a mix of: the continued increase in the adoption of the IoT (more end-points and access), the rise of eCurrencies (no need any more for a suitcase full of cash), increase in regulation and penalties and a general lack of cyber hygiene by the public in general.” Joao Costa, Projects and Programmes Manager in Business Technology.
To add even further context, April 2017 will conjure images of hassle and financial loss, when seven British banks including Royal Bank of Scotland, Santander and Barclays were forced to shut down their organisations' systems following a bombardment of cyber-attacks. The level of sophistication and the number of entry points have increased significantly since then.
Events like this mean that banks that have not invested in the latest cyber defences are falling behind the rate at which cyber criminals are expanding. Those responsible for the attacks face a different outcome if they fail. For example, the consequence of a failed cyber infiltration, if it is not caught through criminal proceedings, is negligible (it will cost them their time and resources but no money). By the same token, if they are successful, they can easily recoup their investment a hundred times over.
Assume you have already been breached – even when you haven’t
Reading this so far, it may seem as if you are fighting a losing battle, and it is easy to focus on the short-term wins and on preventing each minor attack as it comes your way. There are simply too many threats from a growing number of cyber criminals for you to keep up, and the more technology you implement, the higher the chance of failures and gaps in your systems. We are seeing regulated organisations moving an increasing percentage of applications to the cloud, rather than on-prem, partly in a bid to ensure they are protected by the latest security systems. In addition, the level of IT disaster recovery planning has increased significantly, to prevent an attack from causing a company-wide security meltdown.
“Interestingly, the anatomy of the crimes and the way criminals get the “keys to the front door” continues to be very low-tech in nature, which clearly suggests that individuals and organizations should concentrate more on ‘pre-breach’ strategy: education, training, implement serious basics in privacy (e.g. don’t post the picture of your car number plate on Instagram) and make sure you can truly answer the question – What to do if it happens?” says Joao Costa.
Do your cyber security budget and systems fit the size of your business?
Not many companies in the financial industry can confirm wholeheartedly that their cyber security budget and protocols fit the threats they are up against. Legacy system-based companies are at the forefront of these risks.
Compared to other organisations, banks and insurers should have significantly stronger cyber security defences, because the financial information they hold attracts the attention of cyber criminals as the main prize. Historically, overcomplicating security systems to protect legacy or overly complex architecture has resulted in insufficient protection and a costly approach.
Cyber security is far from a matter of ‘whoever spends more is the most protected.’ The problem often originates from new technology being bolted onto existing legacy systems. This can duplicate applications already in place, make old ones that were effective redundant and cause a potentially false understanding of the level of protection in place. This has further implications when it comes to purchasing cybersecurity insurance, both for the (re)insurer and the insured.
Organisations are now looking to leverage the new technologies that are creating these gaps in security, like blockchain and AI, to manage exposure.
Which emerging technologies have the greatest potential to support cyber protection? It is a continuous race of playing catch-up with cyber criminals, and unless the financial and insurance industries continue to act, it will result in significant financial losses and customers looking for an alternative solution in an already competitive marketplace.
This is a topic we thrive on discussing and finding solutions for; for more information please contact Mark Weller: firstname.lastname@example.org