Cybersecurity and financial services: tackling identity challenges for better online protection

By Steve Bradford, Senior Vice President, EMEA at SailPoint 

Steve Bradford

As an industry, financial services are significantly vulnerable to cyber-attacks. The Bank of England recently surveyed executives in the UK financial sector, finding that a staggering three-quarters (74%) deemed a cyber-attack to be the highest risk to the financial sector in both the short and long term, followed closely by inflation or a geo-political incident.

This is why financial services companies need to do more to fortify online defences. Preventative measures can safeguard sensitive corporate data from bad actors, and ensure that damage is mitigated when a breach occurs, or even stop it in its tracks completely.

Protecting identity in the digital arena

One key factor contributing to the ‘make or break’ of a breach is identity. According to a recent study, 84% of all IT security incidents are due to compromised identities. From imitating CEOs, to emails that appear to be from IT support, cyber criminals have learnt to morph into those we trust. They are becoming more and more adept at stealing credentials, conducting social engineering attacks, and ultimately exploiting poor identity security hygiene within enterprises.

Cyber criminals’ tactics have been aided by the shift to remote work since the pandemic. Today’s hybrid world of work has made it far harder to monitor the enterprise security perimeter – a perimeter that has become the users themselves, as hackers could immediately look to take advantage of multiple user access points. But the office isn’t risk free either. All it takes is a user to click on an unsuspecting phishing link. Any compromised account paves the way for cyber criminals to get their hands on sensitive business information.

To eliminate these risks, it’s not a question of where an employee works. It’s about what cyber security measures are in place. Using AI-driven identity security provides staff with only as much access as is required to perform their assigned roles and responsibilities – no more, no less. Using AI also speeds and streamlines identity decisions, something crucial given the pace at which businesses – and cyber threats – are evolving. This enables identity teams to move faster and more effectively to spot and stop unnecessary, inappropriate, or potentially compromised access.

Enhancing financial services’ cybersecurity with AI

AI can never replace valuable human expertise, but it can augment it by using algorithms as a “force multiplier” to support overtaxed security analysts, identity management professionals, and incident responders, who all need to sort through an increasing amount of information to do their jobs.

An AI-driven identity security programme also enables organisations to realise both cost benefits and operational efficiency, while evolving and adapting easily and quickly to the increasingly complex environment we’re living in. Yet, nearly half of businesses (45%) are only just starting to prepare for identity-based attacks. Considering the incremental year-on-year cost increase of cybersecurity insurance, growing services, rapid adoption of remote workforce strategy, and onboarding of IoT devices – in addition to easing pressure on cyber security staff – the need for adopting an identity security programme becomes glaringly obvious.

Tackling the growth of identity challenges in financial services

The case for identity security is even more pressing given the enormous amount of identity data generated in today’s world, from different users and systems to automated robotic processes. Machines now make up almost half (43%) of all identities in the average enterprise and these are set to grow exponentially in next 3-5 years. There’s so much data that finding any anomalies are a bit like finding the proverbial needle in the haystack.

Since even the mere definition of an identity has evolved so much, organisations must keep pace. This means ensuring that their identity security programmes are taking this identity type into account when securing access. It’s not just about securing employee access, but contractors, partners, and now software bots too. A lot of organisations aren’t even “there” yet with recognising this identity type as one that needs the same identity security controls as their human counterparts.

Human or non-human, enterprises must still do two things when it comes to managing these identities: reduce risk through better visibility and drive efficiency through automation. With AI at the foundation of their identity programme, financial organisations can gain better visibility and insight into the specific risks associated with user access. Additionally, these can help automate and streamline identity processes and decisions such as access requests, role modelling, and access certifications, driving greater efficiencies across an organisation. The power of AI will have a significant impact on how organisations manage, control, and secure all types of identity.

Moving from technology-first to people-first approaches

With the probability of high-impact cyber events in the UK increasing, financial services companies need to invest in the right technology measures to protect their data properly. Identity security is one important measure that can go a long way in preventing attacks, and automating the process helps reduce stress on overburdened IT security departments.

By approaching technology investment as more than just a tick-box exercise, financial services companies can elevate their defence strategies and be ready for the cybercriminals of 2023 and beyond.