By Alyn Hockey,VP of Product Management at Clearswift.
Cyber security in Financial Services (FS) is tough even during regular times. Clear swift research in 2019 revealed that 70% of financial companies had suffered a cybersecurity incident in the last 12 months. Less than a quarter of the respondents felt they had an adequate level of budget allocated to cybersecurity within their firm.
The current coronavirus crisis has brought even more to worry about. Keeping employees safe and healthy and trying to continue operations as best as possible for customers are the main priorities of course. But the challenges of COVID-19 are many and varied for banks, and a fresh wave of cyber-attacks is just one of the additional things to be aware of.
What cybersecurity threats has coronavirus brought along in its wake and how can banks protect themselves and mitigate against these threats?
The threats FS companies are facing
The threats that FS firms face can be broadly categorised into two distinct camps – to steal or to disrupt. Stealing personal data that maybe used to compromise customers through their identities being stolen, which in turn can lead to their accounts being ransacked.
Threats that disrupt the trading of a bank cause operational problems and could result in a loss of revenue. Both types of attacks carry similar consequences: reduced business and reduced customer confidence and the risks of heavy fines if personal data is comprised.
Cyber criminals have not been slow to utilise these threats during the coronavirus crisis and with banks operating in a state of greatly heightened anxiety, are more vulnerable than they might be usually. With people concerned about the current situation, banks are receiving more queries from customers about short-term loans and for general business advice and attacks could come from such a route.
There has also been a spike in coronavirus-based phishing campaigns. These are well-crafted, look authentic to the untrained eye and are designed to trick people into opening them. These campaigns prey on people’s concerns about the current crisis and who are more likely to click on a malicious link now than they usually might be.
Homeworking even when not in the grip of such a crisis has security issues, but with many FS employees now working from home, there are further security concerns. Staff may be tempted to access corporate systems via unauthorised home systems, while other family members might use the employee’s laptop or device at home – kids printing out their homework, checking personal email,– and this can be an easy route in for a hacker using phishing or social engineering lures based on coronavirus. It’s also true that homeworkers lack the usual office-based security measures – no email and web gateway security, intrusion detection/prevention systems.
Mitigating the threat
Part of the problem for banks in mitigating the threat is that the threat landscape is so wide, varied and evolving. Malware, ransomware and phishing are all still widely-deployed tactics, while social engineering techniques, weaponised documents and weaponised websites change all the time. Keeping up with what is going on is a major challenge for any FS firm and especially so during the coronavirus, with internal security stretched in a number of different directions.
Ideally FS firms will have already prepared for being breached and review this process regularly. Assuming they’ve not created a playbook there are several things they will need to do. Identify how the attack happened and work to contain the situation so that it doesn’t continue. This may involve taking systems offline to perform a thorough investigation. Once they know how it happened and what was impacted and the risk assessed, the entity can start to work through the process of communicating to customers with a clear message about what has happened and how it’s being dealt with.
If a data breach concerns personal data, then the entity should contact the Information Commissioners Office (ICO) and Financial Conduct Authority (FCA) within 72 hours of becoming aware of the breach. Once the systems have been restored, then it’s a question of reviewing not only how to secure the entity better through technology and process, but also to evaluate any lessons learnt throughout the breach. When a new plan has been finalised then it should be tested through simulation so that staff can learn how to deal with the next one.
These times of crisis mean that any firm in the financial sector needs to take cybersecurity that bit more seriously and up the pace of innovation and deployment of effective data protection and threat mitigation strategies. This includes working with the right technology providers and ensuring that they are using all of the features and measures available to them.
Such times can act as a trigger for a bank to reinforce its cyber security processes and to remind employees of the need for extra vigilance. This should certainly extend to providing advice and technical help to make sure employees are as well-protected working from home as they are from the office. Coronavirus could be with us for a long time and no FS organisation wants the additional headache of a serious security breach.