By Brian Forster, Senior Director, Fortinet
Cybersecurity departments for major financial services organizations face a near-constant assault on their highly valuable data, yet their efforts to combat cybercrime do not pass muster. Legacy IT systems are prone to greater vulnerabilities, and clever criminals continue to alter their tactics. The 2016 Financial Industry Cybersecurity Report reveals that 95 percent of the top 20 U.S. commercial banks (by revenue) have a network security grade of “C” or below. In addition, 75 percent of those banks are infected with malware, and a number of malware families were discovered within these banks’ networks.
The financial services industry will remain in the cross-hairs as we embark on 2017. As a result, financial services CIOs will be faced with difficult, complex security decisions and challenges. Below are several challenges that nearly all financial services organizations will have to face in 2017.
- Addressing Increased Threat Volume
Verizon’s 2016 Data Breach Investigations Report has revealed that 89 percent of breaches had a financial or espionage motive. As we begin 2017, statistics like these have forced most financial services security teams to shift their thinking from “What if we get attacked?” to “What will we do when we get attacked?”
The data also shows that 98 percent of financial systems were compromised within mere minutes of incidents occurring, yet 15 percent of incidents remained undiscovered by security teams for months (or more). This suggests that attackers have plenty of time to sift through and steal financial data. CIOs and their security teams must find ways in 2017 to disable inevitable threats and discover and respond to attacks in a timely manner to protect their data and their customers.
- Combining Old and New Technology
It could be argued that the financial services industry has changed more in the last 25 years than it has in all the previous years since its inception. The emergence of the “bring your own device” (BYOD) movement and the expansion of the IoT has made 24/7 access possible. Today’s customers and employees expect 24/7 access to systems and providers.
However, with great opportunity come even greater challenges for IT teams.
Integrating new technologies into existing systems and IT infrastructure will remain an area of concern throughout the coming year. The digitization of the industry and the business landscape as a whole has forced financial institutions to embrace the cloud (public, private and hybrid) and connect on-premises systems to it, further complicating the environment that needs to be protected.
- Lowering Risks Posed by Employees
In just the last few years alone, there have been many instances where employees have been at the center of damaging cyberattacks on financial organizations. Cybercriminals are becoming smarter and developing new ways to attack corporations, including via their employees. Additionally, growing numbers of remote employees are accessing devices that may not even have organizational security safeguards in place. This new networking paradigm has made it critical for organizations to ensure their workforce is cyber-aware.
As we move through 2017, organizations need to put processes and security solutions in place that can reduce the number of attacks that originate from their own workforce and minimize the impact of a successful attack.
- Unifying Security Intel
Many CIOs rely on a blend of security vendors to protect their organization, as there isn’t a single solution on today’s market that can meet every need. As these multi-vendor models continue to evolve and expand, CIOs will need to consider investing in solutions that tie it all together via common operating systems and open APIs. Such a unified framework approach make it possible to integrate one-off solutions while still providing cybersecurity professionals with a holistic view of the threat landscape from a single location.
- Staying Compliant
Standards and mandates for financial services firms are always evolving, and in the new year, organizations can expect to be held to even higher standards than they currently face.
Some states, like New York, have already begun upping the ante when it comes to cybersecurity regulations. Governor Andrew M. Cuomo recently announced regulations that will requires banks, insurance companies and other financial services institutions to maintain comprehensive cybersecurity programs.
Failure to adhere to these regulations could result in significant financial and reputational repercussions. As a result, CIOs in 2017 will need to look for cybersecurity solutions and processes that will assist them in remaining compliant.
These are just five of the many challenges looming on the horizon. As network security threats in the financial industry evolve in number and sophistication, so must the CIO’s response to them. Next-generation solutions and processes will help financial services institutions stay ahead of the bad guys and keep both their data and their reputation safe.
About the author:
Brian Forster is a Senior Director at Fortinet, where he oversees and manages all aspects of the financial services vertical, including thought leadership, demand generation, sales enablement and account-based marketing. Prior to Fortinet, he held a leadership role at Juniper Networks and has spent most of his career within the high tech industry, including three years at Accenture and seven years at IBM in a variety of positions. He is a graduate of Pomona College with a B.A. in Political Science and an M.B.A. from Goizueta Business School at Emory University.