Much like the masked bank robbers seen in movies and on TV, cybercriminals target financial institutions because that’s where the money is. As the use of smartphones and internet penetration increases, online banking has continued its rapid growth, creating rising customer expectations. These expectations, in conjunction with hackers developing increasingly sophisticated criminal tactics, have created a dangerous cybersecurity landscape for financial organizations to operate in.
In recent years, cyberattacks against financial services and other industries have grown in number, size and sophistication. While cybercrime hasn’t altered the fact that the financial services industry deals with money, cybercrime has increased the speed and the consequences surrounding a breach.
As a matter of fact, according to the 2017 Cost of a Data Breach Study, data breach costs in the financial sector are the highest among all industries except health care. The study, annually conducted by Ponemon Institute and sponsored by IBM Security, found that for each lost or stolen record containing sensitive and confidential information, the average cost for financial institutions in the U.S. is $336, or $111 more per record than the global average across industries.
The study also found that the average cost of cybercrime for financial services companies globally has increased by more than 40 percent over the past three years, and the average number of breaches per company has more than tripled over the past five years. With financial services firms being targeted more than any other sector, we’re talking about millions of dollars annually.
From regulatory compliance impediments to securing customer data and the risks associated with working with third-party vendors, the financial services industry is faced with a growing number of ever-evolving cybersecurity challenges.
Today, banks and other financial institutions are dealing with a growing number of compliance mandates and security regulations. In fact, cybersecurity failures have prompted data privacy legislation in more than 40 U.S. states. And last year, New York state passed a first-in-the-nation regulation requiring banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services to create detailed programs to protect consumer data and ensure employees are trained to identify threats.
Additionally, China put its Cybersecurity Law into effect in 2017, and other countries, including Singapore and members of the European Union, are putting regulations in place that will specifically affect banking institutions and aim to give citizens more control of their data. Compounding the issue, globally operating financial services firms must be aware of new cybersecurity regulations and how they affect their business in order to navigate data rules and remain compliant, especially as they conduct business across borders.
These ever-evolving obligations challenge financial firms to reconcile overlaps and inconsistencies between compliance mandates. Consequently, excessive controls and silo-based solutions are leading to significant increases in cost and are further complicating the already complex world of cybersecurity.
While compliance programs are designed to improve matters, they can also have the opposite effect, diverting already limited cybersecurity resources away from immediate, specific risks. Bottom line: compliance does not equal security.
Financial institutions are on an ever-changing journey to improve the online customer experience and increase customer engagement, customer retention and profitability. This shifting business model has led to higher customer expectations: customers increasingly expect a wonderful online user experience delivered through myriad channels on a 24/7 basis, all while expecting their privacy to be protected and their most sensitive data to remain secure.
In the always-on era of constant connectivity, many financial organizations don’t identify or classify data based on how sensitive or critical the information is. As a result, they lack a vital understanding of what matters most to their organization. Without the ability to adequately protect data based on risk, aligning a financial firm’s operating model and security environment to meet increasing regulatory requirements and heightened customer expectations is incredibly difficult.
Mitigating Third-Party Risk
As companies in financial services continue to outsource their internal processes, move their operations to the cloud and connect with customers through an increasing number of channels, the sheer number of vulnerabilities grows. Because there are now more connected endpoints than there are people on the planet, the “attack surface” exposed to hackers is larger than ever as well.
As is the case with any third-party vendor contract, cloud service agreements impose convoluted regulations concerning data sharing and lead to a myriad of new cybersecurity challenges. While financial organizations often participate in partnerships and outsource services to reduce costs and improve service, these third-party risks must be managed and, in a perfect world, mitigated. Even if your organization isn’t subject to regulations, a vendor you work with likely is, and their organization could be breached, compromising your data.
2017 witnessed a string of devastating malware attacks, including the WannaCry and Petya attacks, which cost several globally operating financial firms, including the property arm of France’s biggest bank BNP Paribas, hundreds of millions of dollars in lost revenues and unknown damage to their reputations. As breaches and IT security incidents continue rising, patch management has never been more critical for financial firms than it is today.
For many financial institutions, IT infrastructure has not been integrated across the enterprise, making the traditional patch management process a manual, time-intensive and arduous task. Keeping operating systems and third-party applications patched and up-to-date is the only way organizations can completely thwart attacks based on known vulnerabilities.
In order to achieve regulatory and government compliance while mitigating potential security breaches and securing vital data, financial institutions should consider cloud-based solutions that automate patch management, expanding the ability of internal IT resources to focus on other, more strategic initiatives.
One such solution is Automox. With our cloud-based agent and policy engine, organizations maintain control over their level of patch management automation, flow processes and configuration enforcement, all from a single dashboard. The agent works on Windows, Mac OS X or Linux systems to monitor your vulnerabilities, providing an inventory of hardware, software, patches and configuration details. From there, the agent automatically patches vulnerabilities based upon your configured policies.
In the end, security teams must monitor and prioritize these cybersecurity challenges to ensure their organization is in compliance with ever-evolving regulations, protecting consumer privacy and securing sensitive data from hackers while mitigating the risk associated with third-party vendors. Automox makes your life easier by automating this process for you.
Sign up for a free, 15-day trial to try Automox today. There’s no credit card required to sign up, no limit on the number of endpoints we’ll protect and you receive full access to the complete platform. As cyberattacks continue to evolve, financial services firms will need to adapt their IT and security infrastructure.