Across all industries, the financial sector has one of the more mature and well-developed approaches to cybersecurity. Yet, despite the banks’ increased investments in cybersecurity, a disconnect remains between spending and risk.
Increasingly digitized environments and the Internet of Things (IoT) are creating an interconnected infrastructure that spans multiple organizations, data sources, access points and vendors. This creates a complex business and IT environment that’s constantly being exposed to new risks.
Closing the gap between investment and risk requires an intelligence-based approach that can respond and adapt to threats in real time. This approach must take into account how future innovations in digitization will impact cybersecurity over time.
Cyber Threats an Ongoing Concern for Banks
According to a recent report by Bitglass, the number of attacks on banks doubled last year compared to the year before. And so far in 2016, at least five of the 20 top U.S. banks have disclosed data breaches.
Financial services was the third most-attacked sector in 2015, according to IBM. Although this represents an improvement over 2014 when it was in the No. 1 spot, it’s clear that banks are still not able to stay ahead of the threats.
An added challenge is the ongoing U.S. transition to “chip” (EMV) credit and debit cards. While these more secure cards are expected to significantly decrease counterfeit card fraud in the long run, the transition is forcing bad actors to step up their game and target other areas, such as card-not-present and online fraud.
Security Efforts Must Be Refocused
Although financial institutions are throwing money at the cybersecurity problem, they don’t always direct resources to the right areas. An intelligence-based approach needs to take into consideration new factors such as insider threats (both malicious acts and unintentional errors), third-party risk and the geopolitical climate, among others. Three recommended areas of focus include:
Elevating cybersecurity to a C-suite function: Cybersecurity is no longer simply an IT problem. The board of directors and executive leadership need to invest time in understanding how cybersecurity impacts business risk and take an active role in allocating the proper resources and establishing it as a priority across the organization.
Treating cybersecurity and business strategy as two sides of the same coin: Cybersecurity needs to be integrated into every core function of the business. Cybersecurity assessment and planning must become a critical part of product development and strategic planning. Every project, from design and architecture to usability, should have clear expectations related to information security.
Using an intelligence-based approach to cybersecurity: As the transition to digital business models continues to drive the evolution of enterprise networks, banks must adopt innovative network security solutions that are scalable and flexible. These solutions must provide the type of actionable intelligence that’s critical in today’s threat environment, along with a comprehensive, unified approach to physical, virtual and cloud infrastructure.
Knowing this, it’s important to utilize a technology partner who can deploy a cohesive “fabric” of best-of-breed security solutions that easily share big-data-driven, real-time threat information to support intelligence-based cybersecurity.