Since bad actors have preyed on the vulnerability of organisations moving to remote working models over the pandemic, security professionals and IT departments have worked tirelessly to overcome the challenges. Mark Ruchie, Chief Information Security Officer at Entrust, provides his view on what the important security trends affecting the banking and finance sector will be in 2022.
We’ll see a sharp rise in ransomware attacks in the workplace in 2022, which typically involve sneaking malicious code into a software update that is automatically pushed out to thousands of organisations. These incidents are a direct result of the disruption caused by the pandemic, ongoing economic and humanitarian crises and decreased trust in governments.
To counteract this, security professionals will adopt a Zero-Trust approach to cybersecurity planning. The phrase, which is on everyone’s lips in the security industry, describes an approach where you trust nothing, verify everything related to users and devices, assume the network is hostile and only give entities least-privilege access, the minimum permissions they need to fulfill their function. This framework is predicted to become essential in stopping identity from being exploited through various avenues in 2022, including compromised secrets, compromised data perimeters and lateral threats.
IT managers will be busy enhancing their security credentials in 2022
With many companies adopting a hybrid work model, we will see an increase in the Zero-Trust approach to verify the identity of employees working from home to protect company data. Organisations are likely to invest in their IT department to develop new and more efficient ways of managing customers, employees, and devices and keeping their businesses safe from intruders. This is likely to create security risks, as significant changes to an organisation usually take years to implement successfully and safely. The use of physical and digital identity proofing is also likely to increase as more organisations adopt a hybrid workplace and workers and customers need to verify themselves. With cyberattacks occurring at a higher rate than ever before, enhancing Certificate Lifecycle Management capabilities will make life easier for IT managers by offering a secure, central point for IT to control certificates, encryption keys and crypto.
From attacks on infrastructure to attacks on individuals
In 2022, people will be moving targets for bad actors, with IT managers seeing a move from attacks on infrastructure to attacks on individuals. While attacks on system vulnerabilities continue to be a staple of nefarious activities, there’s been a renewed focus on attacks against individual employees via mobile devices. The upturn in BYOD and IoT devices will create further headaches for IT departments in 2022. Authentication will be a huge challenge and passwords will be combined with other authentication methods like smart cards, three-factor authentication, and biometrics in order to improve security.
Industry research (1) released in the Autumn of 2021 revealed an increase in identity proofing technology – technology that verifies that someone is who they say they are. Most businesses began rolling out one-time password technology and in 2022 more businesses will supplement their security efforts with biometric authentication to allow access to internal systems and mobile identity verification to provide users with a credential on their mobile phone that grants them access.
Hybrid payment solutions: managing identity theft
Partly out of necessity, partly convenience, digital banking adoption will continue to skyrocket, giving financial institutions an unprecedented opportunity to engage with consumers more frequently and via lower-cost channels. Banks will also aim to make the customer experience on their website and app simpler and more user-friendly. Contactless payment is likely to continue to rise in popularity around the world and mobile payments will continue to grow. However, with growing concerns over identity theft and approximately 80% of mobile banking consumers being concerned about fraud, we’re seeing consumers starting to prioritise the improved technical and functional capabilities of products and services when choosing their banks, pension providers and other financial services. At £4.5 trillion (2) this year, the global financial impact of cybercrimes is now equivalent to the world’s third-largest economy!
Traditional financial firms simply won’t survive the economic and logistical upheaval caused by the global pandemic if they continue operating the way that they are. According to the Keeper’s Security UK Census Report (3), financial firms suffered an average of 60 cyberattacks over the last year, which is expected to increase in 2022. As customers become more aware and technology becomes more advanced, 2022 will be the year we combat threats and outdated tech and grow our infrastructure in even more unique ways. Banks will need to ensure their digital banking services are foolproof and provide consumers with secure access to mobile banking apps, portals, and kiosks with strong consumer identity proofing and authentication processes as they are onboarded. Solutions include issuing a personalised digital or physical contactless card in real-time, factoring in device integrity protection, TLS/SSL certificates and digital signing.
As part of preventing fraud and identity theft, banks will need to apply behavioural metrics and analytics with continuous authentication, detect malware and trojan software, and implement automated real-time response to prevent credential stealing, impersonation and account session takeovers. Banks must also verify the authenticity of transactions across merchants, consumers, and third-party payment providers with transaction signing whilst employing encryption key management to protect consumers’ privacy and data. Bundling existing physical card issuance technologies with secure digital capabilities to offer a best-in-class hybrid issuance solution will help in supporting the full payment customer experience.
Solving complexity with simplicity: contactless and digital payment solutions
Another trend we’ll see in 2022 is an attempt to make the complex world of security simpler. As a result, we will see ‘packaged’ solutions aimed at simplifying security and enabling digital transformation at a faster pace as we continue to address specific issues and problems caused by the pandemic, which has spurred an urgent requirement for remote, contactless and touchless services to replace manual and high-touch self-service processes.
Proliferation of IoT devices: countering cyberattacks
2022 is the time to get serious about critical infrastructure protection. The proliferation of IoT devices and the connections between them continues at an exponential rate. Many of these devices were never architected with security in mind, and this has huge implications for the electrical grid and other utilities, along with sectors like healthcare where IoT devices are being widely deployed. From a banking and payments perspective, this will have a large impact on personal banking, banking from wearable devices, the use of Bluetooth beacons in retail banking and APIs for smart speakers to enable users to carry out balance queries and payments through voice commands.
With cyberattacks occurring at a higher rate than ever before and data privacy concerns going supernova, we’ll see increased government investment and attention to cybersecurity at all levels. Cybersecurity is always a hot topic, but banking, travel and health credentials will add fuel to the fire – whether for the workforce, consumer or government use cases. This is likely to drive new compliance regulations across jurisdictions to protect individual privacy.