Avatar

Today’s Security Environment

As we review the impact of COVID-19 on major industries at a global level, it is heartening to know that the financial services industry as a whole, has been able to withstand the immediate pressures arising from the pandemic.

The post COVID-19 era for the financial services industry will be rife with low interest rates, low profitability and increased non-performing assets (mortgages, business loans etc.).  At the same time, customer confidence and trust on financial services firms will be put to the test as sophisticated cyber-attacks continue to target the firm’s digital products and services infrastructures as well as remote workers.

A 2020 Accenture report – ‘Securing the Digital Economy: Reinventing the Internet for Trust’– forecasts that nearly $350 billion could be lost by the financial services industry to cybercrime by 2025.

Therefore, financial services firms will need to prioritize their investments and accelerate the implementation of cyber resilience strategies to avoid increased business loss and brand damage due to sophisticated cyber-attacks. Knowing this, we put together a two-part blog series to help you assess and improve your financial institution’s security.

Look for a Long-Term Solution

With remote working being the new normal in the post COVID-19 era, cyber criminals are tirelessly focusing their efforts to steal data from the financial firm’s remote workers and third party partners through advanced malware and social engineering methods. While most financial firms have rushed to plug the gaps that exist in their security policies to support this new normal, this is a just a short term solution.

The focus should also be on building cyber resilience against emerging threats that could severely damage a financial service firm’s brand and lead to financial market disruption, like data manipulation. Financial firms have been using data to gain insights and deliver competitive services. Data driven decision-making has been an important strategy adopted by most financial firms to deliver exceptional customer experience and gain operating model efficiencies. Emerging attacks will shift from data theft to data manipulation. These attacks will be led by highly skilled adversaries with advanced Tactics, Techniques & Procedures (TTPs) such that detection will be a challenge. Manipulation of credit scores, market data, KYC (Know Your Customer), customer account data, and many others will threaten the financial firm’s brand as well as severely impact customer trust.

As per the Reserve Bank of New Zealand “Cyber resilience is the ability to withstand, contain, and rapidly recover from a cyber incident by anticipating and adapting to cyber threats and other relevant changes in the environment.”

It is crucial that a holistic approach to cyber resilience be adopted taking current and emerging threats into consideration. Our recommendation to financial services firms is to augment their current cyber security practice with a five-point strategy which would help them bolster cyber resilience. This blog encompasses the first two points, check out next week’s blog for the final three points.

#1) Secure by Design

As financial services firms accelerate digital transformation, security has to be more than a department or set of loosely-integrated solutions to keep up. It has to be a total philosophy – driven by the CEO and implemented throughout the entire product lifecycle. This includes using a secure development lifecycle, embedding security into product design and manufacturing, delivering products securely, and ensuring a corporate culture of transparency and continuous innovation. Cisco’s Trustworthy technologies are an evolving range of security technologies designed into Cisco solutions for financial services customers to tap into as they develop their digital products and services. Security by design and trustworthiness must never be afterthoughts; they must be designed, built, and delivered from the ground up.

#2) Cisco Zero Trust

Cisco Zero Trust offers a comprehensive solution to secure all access across a financial services firm’s applications and environment, from any user, device, or location allowing the firm to consistently enforce policy-based controls while gaining visibility into users, devices, components, and more.

Cisco implements zero trust with a three-step methodology across the workforce, workloads and workplace by:

  1. Establishing trust of a user, device, application, etc. – before granting access or allowing connections or communications.
  2. Enforcing trust-based access policies with granular controls based on changing context – such as the security posture of devices and the behavior of applications
  3. Continuously verifying trust by monitoring for risky devices, policy noncompliance, behavior deviations and software vulnerabilities

This complete zero trust security model allows the firm to mitigate, detect, and respond to risks across their entire environment.

Now What?

Cybersecurity is top of mind for everyone, especially in the financial services industry where trust ranks above everything else in the eyes of the customer. The pandemic has further increased the need for thorough security solutions, and as October is Cybersecurity month, there is no better time to have this discussion.

Check back here next week for the final three strategies to bolster cyber resilience in your financial institution! Can’t wait until then to learn more? Check out our financial services security site or financial services security infographic to learn more.



Authors

Mathew Varghese

Chief Technology Officer, Financial Services

APJ Systems Engineering - Architects