Cybersecurity at FSI: Don’t be a victim of 3rd party risks
Managing Director, Security, APJ
Thought Leadership, Security
The financial services industry remains a lucrative target for online criminals. Its wealth of customer financial data, plus access to account usernames and passwords, encourages criminals to launch an array of attacks on financial services businesses.
Many cyberattacks are specifically designed to compromise financial services networks. The Dridex credential-stealing malware, which is designed to steal financial account information through Microsoft Office macros, is just one of many examples.
Additionally, some institutions engage in 3rd party partnerships, which further adds to this heightened risk. Nowadays it is virtually impossible to find a financial institution that doesn’t partner to provide services to its customers. And, while 3rd party partnerships help firms grow revenues, cut costs, and improve the customer experience, they also increase the complexity of risk management.
FinTech (financial technology) firms, for instance, have changed the financial services industry and how customers are acquired and serviced. This has the establishment viewing FinTech startups more as crucial collaborators than as simple service providers. However, greater collaboration with FinTech firms means greater risk of cyberattacks, as more services are delivered through Cloud-connected applications and platforms. Many FinTech firms don’t have the same focus, resources or awareness of cybersecurity as their Financial Services peers, which adds to the establishment's concerns.
Not surprisingly, nearly half of the financial services organizations in our Midyear Cybersecurity Report said that digital business is influencing security to a great extent. Also, about 40 percent said that FinTech, DevOps, and bimodal IT delivery are having a huge impact on security.
How can financial services institutions partner with outside firms while still meeting strict security and regulatory requirements?
If financial organizations want to securely meet customer demands in the digital economy, we recommend that they employ strict requirements on service delivery, infrastructure, security and compliance. To date, only 37 percent of financial institutions surveyed by Cisco said they require vendors to employ ISO 27001 in order to work with their organizations. Asking vendors to adhere to established business practices is therefore one area where financial services organizations can improve.
Another area for financial companies to address is speeding up adoption efforts for new policies and processes. We found that 63 percent of financial organizations have formal security strategies in place. However, only 48 percent adhere to a standardized information security policy practice, such as ISO 27001 or NIST 800-53.
Financial services is a conservative industry. When it comes to new standards and their fit with the current security strategy, IT and security leaders move slowly. So, a change of mindset is required around how companies build and integrate their security to be more effective, open and automated.