Five new cybersecurity challenges facing the financial services industry
It has been a mixed year for the financial services sector. Some firms have seen increased demand for their services, while others have struggled to deal with mortgage and credit default agreements.
On a more granular level, many financial services firms have also had to deal with new ways of working, including the implementation of virtual CISOs and the struggle to protect remote workers from higher levels of cyber threats. However, it’s worth recognizing that very few of the threats facing remote employees are entirely new. In fact, most of the challenges facing the industry, and in particular the increasing complexity of supply chains and consumer networks, have been around for at least a decade.
Still, as 2021 draws to a close, it’s a good time to take a look at the threat landscape facing financial services firms and highlight the key challenges on the road ahead. In this article, we will do just that.
1. Misinformation and trust
This year, several U.S. newspapers, including The New York Times, launched new initiatives to track viral misinformation. While most of this misinformation focused on ostensibly political opponents, it also appears to have had an effect on trust in financial services.
This is not only a business challenge for established financial services companies; it also creates real cybersecurity challenges for them.
2. Complex supply chains
Perhaps the biggest of these challenges is the fact that the increasing complexity of the financial services sector provides a larger attack surface for cybercriminals and malware.
Customers are increasingly interested in managing their finances through an interconnected web of traditional banking tools and new accounting applications. Any personal accounting software that consumers use to keep track of their finances should be PCI DSS compliant, so that their financial data is stored encrypted in a secure environment and the likelihood of falling victim to a cyberattack is reduced. This approach can provide greater convenience and security for both businesses and consumers, but it is not enough on its own.
To be more specific, financial services organizations should focus on protecting remote endpoints to address the increased number of potentially exposed endpoints. This includes developing asset and software inventories, running patch detection and vulnerability scans to locate problems, and then running an automated remediation validation phase to confirm that the patches or configuration changes used to correct the vulnerability were effective.
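The inventory, detection and remediation-validation steps described above, sketched as an added example that is not part of the original article. Host names, package names and versions are constructed placeholders, and scanner output is assumed to be a simple host-to-package-version mapping.

```python
def parse_version(text):
    """Turn '5.2.10' into (5, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def find_vulnerable(inventory, advisories):
    """Return {(host, package)} where the installed version is below the fixed version."""
    findings = set()
    for host, packages in inventory.items():
        for package, installed in packages.items():
            fixed_in = advisories.get(package)
            if fixed_in and parse_version(installed) < parse_version(fixed_in):
                findings.add((host, package))
    return findings

def validate_remediation(before, after, advisories):
    """Classify each pre-patch finding using a fresh post-patch scan."""
    result = {"fixed": set(), "still_vulnerable": set(), "unverified": set()}
    still = find_vulnerable(after, advisories)
    for host, package in find_vulnerable(before, advisories):
        if host not in after:
            # Remote endpoint did not report back: never assume the patch landed.
            result["unverified"].add((host, package))
        elif (host, package) in still:
            result["still_vulnerable"].add((host, package))
        else:
            # Package is now at or above the fixed version, or was uninstalled.
            result["fixed"].add((host, package))
    return result

# Constructed sample data (package names and versions are placeholders).
ADVISORIES = {"vpn-client": "5.2.10", "pdf-reader": "11.0.3"}
SCAN_BEFORE = {
    "laptop-01": {"vpn-client": "5.2.9", "pdf-reader": "11.0.3"},
    "laptop-02": {"vpn-client": "5.2.2", "pdf-reader": "10.9.0"},
    "laptop-03": {"vpn-client": "5.1.0"},
}
SCAN_AFTER = {
    "laptop-01": {"vpn-client": "5.2.10", "pdf-reader": "11.0.3"},
    "laptop-02": {"vpn-client": "5.2.10", "pdf-reader": "10.9.0"},
    # laptop-03 was offline during the validation scan
}

if __name__ == "__main__":
    report = validate_remediation(SCAN_BEFORE, SCAN_AFTER, ADVISORIES)
    for status, items in report.items():
        print(status, sorted(items))
```

Endpoints that land in `unverified` should stay open in the tracking system until a later scan reaches them, since an offline remote device is the case a patch report is most likely to miss.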
3. Credential and identity theft
While the financial services industry has had to deal with the consequences of identity theft for years, 2021 was the year that identity and credential theft exploded. Early analysis shows that, during these two pandemic years, the rate of identity theft has increased significantly.
This increase has occurred despite increased consumer awareness of the risks of identity theft, and shows that awareness of these dangers is not enough. Consumers know they must be careful to protect their data, but they also lack the expert knowledge needed to protect all aspects of their online lives.
For the financial services industry, this presents both a problem and an opportunity. In recent years, some companies have had great success in promoting the fact that they take consumer privacy and security seriously, and this is a trend that is likely to continue for years to come. For example, several financial assistance companies such as Credit Saint and Sky Blue offer restoration services and identity theft protection as an additional part of their credit repair programs.
4. Ransomware
Ransomware is another type of threat that has been around for years, but has recently gained public attention. The rise of ransomware over the past year, and particularly during these pandemic years, indicates that thieves and hackers are taking a more sophisticated approach than ever before. Rather than directly stealing customer information and then selling it, they have realized that the consequence of a successful attack goes far beyond the immediate loss of customer data; instead, it can be the loss of public trust that really hurts a company.
The fight against ransomware is, of course, a constant struggle for cybersecurity engineers. However, there are also trends in the way these attacks are implemented that are worth paying attention to. Specifically, this year has seen an increase in the number of attacks that relied on the cooperation (voluntary or otherwise) of former employees.
5. Emerging technologies
Finally, while many companies in the financial sector are still struggling to cope with the challenges posed by the current generation of technologies, it is becoming increasingly clear that the next generation of technology will enable cyberattacks of unprecedented scale and speed.
Of this group of emerging technologies, two are of particular concern. One is the deployment of 5G mobile networks, a technology that is a key prerequisite for the widespread adoption of strong encryption for financial applications, but which also gives attackers access to much greater capabilities when it comes to committing crimes. The second is artificial intelligence, which is already being used to produce fake videos that can fool biometric security systems.
Conclusion
Of course, not all cyber threats are based on new technologies, and attack vectors that were once considered obsolete sometimes resurface, as we have seen recently in the rise of SMS phishing. For financial services firms, this requires constant vigilance across the entire threat landscape.
Similarly, although we are seeing the emergence of new threats, it’s not all bad news for the financial services sector. With the election now out of the way, there is increased speculation that a federal cybersecurity department will be formed. While increased government support is always welcome, the financial sector will need to remain agile and vigilant to identify and combat the emerging threats of 2021.