Top Cyber-Security Trends for Financial Services
Actionable intelligence is difficult to identify. Combining threat intelligence with other disciplines, like incident response and fraud, is a proven method for connecting data elements to create actionable intelligence, according to Booz Allen.
New threats cause consumers to unwittingly send information to a hacker, who then “owns” the device. The Perkele Trojan, a crimeware kit popular in the Middle East for attacking Android phones, for example, spread globally this past holiday season as online purchases increased.
As Middle Eastern, Latin American and Asia-Pacific countries modernize their economic infrastructures they are appearing as targets on sophisticated attackers’ radars. The Saudi Arabian monetary agency, for example, reports one cyberattack on its banks every 14 seconds.
Unlike large banks, mid-tier and regional banks, wealth management organizations, and hedge funds often lack the financial ability and technological know-how and manpower for widespread cybersecurity. This can create a cascade of systemic risks for all banks.
To thwart insider threats, banks need to develop multidisciplinary teams that include IT, human resources, internal communications, marketing and legal to convey to all staff the importance of cyber-risk awareness and what to do if attacked.
Financial firms using the NIST framework risk liability if cyber breaches result in valuable data being destroyed or usurped by attackers. But this also prompts the insurance industry to offer policies to help firms offset that liability.
As operational data moves to the cloud, fine-grained security is needed so that banks not only avoid sharing sensitive data but also defend against adversaries snooping in their data sets.
Financial institutions can upgrade security architectures and integrate improved controls. Also, they can deploy advanced analytics to cope with enormous volumes of security data to better identify malicious behavior trends.
To better protect an organization’s network system, IT leaders should collaborate with the C-suite to develop a holistic and forward-looking program that transforms their security posture, according to Booz Allen.
Booz Allen also recommends that security professionals “find their business voice” to bridge the language gap between technology, risk management, and cyber-security in order to prepare for the new wave of cyber-attacks.
Accomplish this by “developing a much more dynamic cyber-security approach that includes actionable threat intelligence, advanced adversary hunting as well as data protection and access controls developed at a much greater degree of granularity,” says Booz Allen’s Stewart.