Top Cyber-Security Trends for Financial Services

 
 
By Karen A. Frenkel  |  Updated 01-17-2014 | Posted 01-17-2014
 
 
 
 
 
 
 
 

CIOs and CISOs harbor "acute concerns" about cyber-security risk management in today's new normal of persistent cyber-threats, according to management consulting firm Booz Allen Hamilton. The firm enumerates how banks can cope in its third annual list, "Top Financial Services Cyber Security Trends for 2014." After witnessing DDoS attacks from the Izz ad-Din al-Qassam Cyber Fighters, for example, top financial services executives have learned that such online assaults have the potential to destroy data—and damage a brand's reputation. Furthermore, they understand that cybercriminals attack a bank wherever it does business, not just at headquarters. But they also see the critical benefits of public-private information sharing, Booz Allen says. "Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber program that responds to an institution's critical business risks, while considering the new realities of a complex and interconnected operating environment," says Bill Stewart, senior vice president and head of Booz Allen's commercial finance program.

 
 
 
  • Is the Threat Intelligence That Banks Generate Useful?

    Actionable intelligence is difficult to identify. Combining threat intelligence with other disciplines, like incident response and fraud, is a proven method for connecting data elements to create actionable intelligence, according to Booz Allen.
  • Mobile Security Platform Weaknesses Are Resulting in New Threats

    New threats cause consumers to unwittingly send information to a hacker, who then "owns" the device. The Perkele Trojan, a crimeware kit popular in the Middle East for attacking Android phones, for example, spread globally this past holiday season as online purchases increased.
  • Developing Countries Will See More Attacks on Local Banks

    As Middle Eastern, Latin American and Asia-Pacific countries modernize their economic infrastructures, they are appearing as targets on sophisticated attackers' radars. The Saudi Arabian monetary agency, for example, reports one cyberattack on its banks every 14 seconds.
  • Mid-Tier Banks and Non-Banking Financial Institutions Are Vulnerable

    Unlike large banks, mid-tier and regional banks, wealth management organizations, and hedge funds often lack the financial resources, technological know-how and manpower for widespread cybersecurity. This can create a cascade of systemic risks for all banks.
  • Firmwide Planning and Preparation Needed

    To thwart insider threats, banks need to develop multidisciplinary teams that include IT, human resources, internal communications, marketing and legal to convey to all staff the importance of cyber-risk awareness and what to do if attacked.
  • NIST Standard Creates Challenges

    Financial firms using the NIST framework risk liability if cyber breaches result in valuable data being destroyed or usurped by attackers. But this also prompts the insurance industry to offer policies to help firms offset that liability.
  • Big Data Demands Data-Level Security

    As operational data moves to the cloud, fine-grained security is needed so that banks not only avoid sharing sensitive data but also defend against adversaries snooping in their data sets.
  • Managing the Transition to the Cloud

    Financial institutions can upgrade security architectures and integrate improved controls. Also, they can deploy advanced analytics to cope with enormous volumes of security data to better identify malicious behavior trends.
  • Collaboration is Key

    To better protect an organization's network system, IT leaders should collaborate with the C-suite to develop a holistic and forward-looking program that transforms their security posture, according to Booz Allen.
  • Overcome Jargon

    Booz Allen also recommends that security professionals "find their business voice" to bridge the language gap between technology, risk management, and cyber-security in order to prepare for the new wave of cyber-attacks.
  • Redefine the Concept of a Network Perimeter

    Accomplish this by "developing a much more dynamic cyber-security approach that includes actionable threat intelligence, advanced adversary hunting as well as data protection and access controls developed at a much greater degree of granularity," says Booz Allen's Stewart.
 
 
 
 
 
Karen A. Frenkel writes about technology and science, innovation, and entrepreneurs and lives in New York City.

 
 
 
 
 
 
