By Peter Heywood, Regional Director, BFSI at ISG
The pandemic has accelerated change in cybersecurity. Cybercriminals have adapted their methods to take advantage of vulnerabilities arising from so many people working from home, and increased digitisation has exposed vulnerabilities. Ransomware and fraud are at an all-time high. We are also seeing a rise in ‘hacktivism’ attacks.
Security solutions, processes and procedures are evolving as a result. We have identified five core areas banks and financial services companies will invest in over the coming year.
- Greater regulatory pressure to address risk
Regulatory compliance is the single biggest area of technology investment for banks already, but now banks are under pressure from regulators to upgrade their technology to address risk, with the European Commission’s Digital Operational Resilience Act (DORA) and PRA PS 21/22 in the UK.
This new wave of cybercrime sets new risk parameters, and increases exposure to fines under data protection regulations. It is no longer enough to set aside budget to pay these fines (as banks have done in the past) – there is both regulatory and shareholder pressure on the industry to de-risk and avoid repeated fines altogether.
- New forms of secure authentication
As virtual working continues in some organisations and makes way for hybrid working in others, authentication will only grow in importance. Identity access management providers will continue to enhance their services to keep pace with evolving cybersecurity risks.
Some financial service organisations, like retail banks, are already offering great authentication solutions for customer-facing products and tools, and we need to see a similar level of protection for back-office systems.
In 2022 we’ll see more organisations exploring artificial intelligence, biometrics, and possibly even blockchain as ways to prove identity. Financial service providers may find it beneficial to use IAM-as-a-service providers to support them with continuous authentication for their virtual and hybrid teams.
- Partnering with data loss prevention providers
Data loss prevention (DLP) is vital to any organisation – after all, it’s impossible to stay compliant with cybersecurity regulations unless strong data loss prevention measures are in place. A good DLP system will both monitor and classify data held by the organisation and alert it to attempts to access and remove data from the network.
Demand for great DLP providers will continue to grow through 2022 as the sector strives to keep up with changing regulations and continue to introduce new services for customers through initiatives like Open Banking.
Organisations can lay the groundwork now by assessing the state of their current data management processes and asking how a DLP partner can best help them protect customer and business-sensitive data.
- Security solutions to protect an evolving workforce
Financial service companies need advanced endpoint threat detection that can keep pace with the ever-changing and increasingly sophisticated methods employed by cybercriminals. We’re living in a world where virtual working hasn’t just become more common – it’s advocated by governments as a public health measure.
While virtual working brings many benefits, it also introduces more points of vulnerability. From using unsecured or shared devices (including home Wifi routers), to using VPNs and, in some cases, leaving employees to set up their own anti-virus protection, virtual working increases an organisation’s exposure to risk. This means organisations must continuously re-evaluate their vulnerability levels.
In 2022, we’ll see more organisations partnering with advanced endpoint threat protection, detection and response providers to combat these vulnerabilities. By working with these specialists, organisations will be able to take a proactive approach to securing their networks.
- Strategic security services and proactive support
Security is a strategic buy, and an increasingly complex one. As pressure increases on banks to de-risk, they’ll seek out partners who are experts in both the modern threat landscape and managing the regulatory environment.
We’ll see more of these providers hiring domain name specialists and establishing security labs to conduct forensic investigations and enhance the skills they need to meet client demands. These providers will evolve into strategic consultants, in addition to providing general technical and managed security solutions.
In addition, businesses are coming to depend on these providers to coordinate incident response teams when a problem hits, and, as a result, more are establishing centres to manage the process. These use technology like artificial intelligence, edge computing and blockchain to provide multi-layered protection.
Financial service providers are making great strides in shifting to digital, but with this change comes new forms of risk. Cybercrime is constantly evolving, and financial institutions need to focus on how they can proactively protect data. While 2021 was about quick and necessary change, 2022 will be much more focused on refining and securing these new systems, derisking, and embedding security into all points of the organisation.