Today, organizations across every industry are concerned about security breaches and data hacks, but cybersecurity has become of utmost importance for certain sectors.
Research and Markets recently revealed that over the next four years, the global cybersecurity market is expected to grow from $122.45 billion to $202.36 billion – marking an annual increase of more than 10.6 percent. This rapid expansion can be attributed to the surge in businesses making information-security-related investments. As the number of data breaches and cybersecurity incidents rises, companies become more aware of the crucial need to protect their critical infrastructure.
However, the banking, financial services and insurance industry is expected to account for most of this expansion. Cybercriminals seeking monetary gain target this market due to the large volumes of sensitive financial information and data that circulate through its systems. As Research and Markets pointed out, another factor contributing to this vertical's growth in cybersecurity is its accelerated adoption of web and mobile applications, which ultimately heightens susceptibility to security vulnerabilities.
Financial sector suffering from security vulnerabilities
“Digital apps are both a business necessity and security risk.”
Digitalizing processes and operations is increasingly popular in the financial sector. Reaching and serving customers on mobile platforms and electronic devices has become not only an important but also a necessary aspect of business models. Unfortunately, it also puts these firms at extreme risk.
According to BizTech, the U.S. Securities and Exchange Commission named cybersecurity as the biggest risk to the financial system. The source also highlighted a number of statistics that offer a glimpse into the concerning state of cybersecurity in the financial field. For example:
- Thirty-seven percent of financial service companies experienced double-digit increases in cybersecurity incidents.
- Ninety percent of these firms feel vulnerable to cyberthreats.
- Less than 20 percent of investment institutions are confident in their ability to deal with incident response and recovery operations.
- Seventy-seven percent agree that data security is a major concern.
Further findings published by SecurityScorecard revealed that malware infects 75 percent of the top 20 U.S. commercial banks, and that about 20 percent of financial firms have severe security vulnerabilities within their email servers. BizTech reported that over the next year, most information security and compliance officers plan to increase cybersecurity investments, with the primary focus being on improving tools and technologies. However, there is not much use in organizations increasing spending on computer protection and IT security systems if they are not implementing the appropriate solutions or targeting the real source of the problem.
“Despite major financial institutions spending billions of dollars on cybersecurity annually, this report suggests the financial industry may not be spending those dollars as effectively as possible,” SecurityScorecard COO Sam Kassaoumeh explained. “A greater level of protection is required, which should be a concern for their customers and partners.”
Third-party risks to information security and protection
Research and Markets named network security as the segment expected to see the biggest growth due, at least in part, to companies needing to adhere to compliance and regulation requirements. However, SecurityScorecard emphasized the need for financial firms to address another vector of cyberattacks: their network of third-party partners and vendors.
“Financial companies rely on data exchanges with other vendors and may have limited visibility into the cyber risk associated with these transactions,” SecurityScorecard Senior Data Scientist Dr. Luis Vargas said. “As cybercriminals find new ways to attack, breach and exploit organizations, threat patterns such as phishing, spear-phishing and social engineering evolve and become more sophisticated.”
An example of the severe repercussions that can occur due to such vendor-security negligence is the recent cybersecurity hack of the central bank of Bangladesh. The Bangladesh bank seems to blame the New York Federal Bank for the breach, though some fingers have also been pointed at SWIFT, an interbank messaging system composed of over 11,000 financial institutions and spanning more than 200 countries. SWIFT came under fire when cybercriminals were able to use malware and fraudulent messages to steal over $81 million from the bank using the system. This is an example of how a solid system like SWIFT can be compromised by cybercriminals who are increasingly taking advantage of people to gain a foothold. Reuters released a new investigative report that examined the handful of problems and missteps that contributed to the incident.
Among the problems the report identified were the involved financial institutions’ overlooking of the severity of cyberthreats, lack of security processes and controls, and failure to leverage the proper detection tools and technologies. Many businesses – both in and outside the banking industry – make these mistakes with information security, but they are also ones that can be corrected to ensure a stronger cybersecurity strategy.
Preventing bank cyberattacks
Given the critical nature of the data and information they deal with, banks and other financial service firms must do everything they can to develop the strongest cybersecurity defense possible. Organizations like the FS-ISAC (Financial Services Information Sharing and Analysis Center) are performing centralized work for the community to build resilience and detection programs. Part of this involves investing in the right solutions, as well as enhancing workers’ cybersecurity education and capabilities.
At the National Cybersecurity Institute at Excelsior College, we offer training programs and specialty courses that help professionals in the financial industry better understand – and, therefore, protect – the critical infrastructure of their systems. Take a look through our course offerings to find the right training for you. We offer a range of courses, from the basics of security (Cybersecurity Awareness for Supervisors and Managers) that require no IT background to certification preparation courses for security professionals (ISC2 CISSP®).