By Kane Hardy, VP of EMEA, Hexis Cyber Solutions
The recent news that both HSBC and First Direct are to implement biometric voice and fingerprint recognition instead of passwords highlights that the evolving threat landscape is at the top of the agenda for these banking corporations. A study from the Centre for the Study of Financial Innovation shows that UK bankers now fear cyber attacks more than they do a faltering economy or political interference.
Given the strategic importance of the financial sector, any large-scale cyber attack now represents a serious threat to the larger economy and one that may have a significant impact on how it performs on a global stage.
Threats online are becoming increasingly sophisticated as the ability to evade detection evolves at a blistering rate. It's clear that financial institutions are struggling to sew together legacy banking systems with new digital channels, making themselves an easy target. Criminals long for weaknesses that exist in networks. These frailties are being exposed by hackers who combine the simplicity of daylight robbery with the malware and cyber techniques that have been born out of emerging technology.
In addition, the surge in mobile and online banking within the financial services industry has introduced new vulnerabilities, as hackers have access to a slew of new attack vectors. Highly sought customer and business data can be pickpocketed through sophisticated botnets and other ‘backdoor’ cyber threats without the consumer even being aware.
It is more clear than ever that cyber security has a key role to play in this sector and must be approached with complete professionalism.
How tight is your security? The Bank of England wants to know
Last year, big businesses found their networks to be compromised by attackers looking to steal extremely sensitive financial information and intellectual property. Unsurprisingly, concerns about a cyber security onslaught on the UK’s financial system have intensified.
In response, the Bank of England is including cyber attack scenarios in its annual stress testing exercise for UK banks. In addition, financial institutions will be required to fulfil specific security measures and notify regulators about cyber incidents after European MEPs reached an agreement on the first cyber security rules for the European Union (EU), the Network Information Security (NIS) directive.
Throwing money at security doesn’t necessarily work
Knowing they’re a target, many financial institutions have hefty security budgets designed to build a strong defence. Yet too often they focus only on compliance requirements and rely on tools like firewalls, sandboxing, email scanning and web controls to protect the fortress walls. As the threat from cyber crime continues to intensify, these solutions are no longer enough to stop cyber criminals in their tracks. More security solutions won’t necessarily lead to better protection, as criminals are still able to find the holes in an organisation’s defence and exploit them.
Ready for the fight?
To build effective governance strategies and ensure financial institutions can quickly recover if attacked, organisations need to beat cyber criminals at their own game – responding to any threats at machine speed with automated processes.
An active behaviour-based approach that monitors and manages threats is important to gain increased visibility into the malicious activity within an environment. Only then is it possible to develop a process to identify serious threats and ensure the response matches the speed at which attacks are being generated.
In order to protect valuable assets, every financial institution needs to assume a state of continuous compromise. The focus needs to move to adopting an adaptive security framework, one that not only detects, but responds and remediates.
With new regulations and an evolving threat landscape, financial service organisations would be advised to review their defences. Cyber criminals are adopting a stealthier approach but their attacks remain explosive and fast. Financial institutions cannot become complacent given the numerous tactics attackers have at their disposal.
In 2016, we must accept that no financial institution is safe from cyber crime.