By Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland
With increased scrutiny around big businesses, it’s clear that the public are placing serious value on the trustworthiness and honesty of a company. This shift in expectation and perception is indicative of various attacks, breaches and threats that have affected businesses across all verticals, not just financial services.
However, the impact of these breaches on financial services is arguably more serious due to the vast amount of personal and sensitive data that these institutions hold as the exploitation and abuse of data can cause real harm to individuals. This means that as there is more of a shift towards trust as a differentiator, financial services need to be at the forefront of this change.
The fact that banks are now publishing the number of operational and security incidents that have occurred is important in this journey. Whilst this voluntary scheme could present a challenge to banks, as they are exposing themselves to criticism, it also presents a great opportunity to showcase their trustworthiness and proactive approach to cybersecurity, as well as establishing their overall framework and approach to operational resilience.
It is this aspect of trust that banks and financial services need to adopt and embrace in order to be competitive and to provide confidence to consumers. That’s why banks need to show their customers that they are proactively managing cybersecurity threats.
Whilst technology may be a factor in some cybersecurity threats, it is also a big part of the solution. Financial service institutions need to consider which of the cybersecurity technologies they should be investing in to ensure that they are prepared for an array of threats, rather than reacting to the breach once it has hit. What is clear is that with the pace of change and adoption of innovative technology, financial institutions need to be constantly prepared.
Back to basics
Taking a back to basics approach is an important step for any business when approaching cybersecurity. This involves having a good understanding of the network and all endpoints so that there is a good understanding of the threat landscape.
Cyber Threat Intelligence (CTI) tools can be used as an early warning system to detect and contain potential threats before they become incidents. This intelligence is essential for any business as cybersecurity threats become increasingly indiscriminate.
As a business, having an understanding of your cybersecurity and threat landscape is a must. Once you are aware of relevant threats and vulnerabilities, then you will understand where and how these can be exploited and the impact that this may have on the business as well as individuals. CTI gives organisations visibility into their landscape, and identifies which areas need to be mitigated as a priority.
CTI helps businesses to identify threats early on and so helps them to prepare; however, it is important that this is not the only step that organisations take in safeguarding their business.
Skin deep security
A key factor in securing financial services is the authentication models that the institution uses. These have become increasingly complex and sophisticated – for example, multi-factor authentication systems for online banking – however, there is still more that banks need to be doing to ensure that data is protected.
Biometrics are the next step in secure authentication as they are a reliable, highly accurate and efficient method of confirming a person’s identity. Technology such as palm vein authentication has the ability to help prevent fraud by identifying a person based on traits underneath their skin. As veins are internal and have a wealth of differentiating features, it is very difficult to deceive vein recognition systems.
While technical solutions are a great way of defending against cybersecurity threats, businesses also need to be investing in their employees to ensure they have the skills, awareness and knowledge to recognise and handle security threats. In fact, a report from the Department for Digital, Culture, Media and Sport and the National Cyber Security Centre found that in the businesses that had suffered a breach, 57% of incidents had first been spotted by employees. This demonstrates the impact that trained and skilled staff can have on a business.
However, the flip side of this is that one of the most common methods of breaching an organisation is still via phishing as many employees still don’t know how to spot and manage these threats.
Teaching employees cybersecurity skills will not only help in preventing future attacks, it will also create a level of trust between the employees and the employer. After all, trust and honesty need to be part of the internal culture of the organisation, and it is imperative that we enable people to be the strongest link, rather than the weakest.
In this age of hyper-connectivity, it is no surprise that cybersecurity continues to be a major priority for all industries and businesses, not just financial services, but also that technology holds the key to many of these issues. Businesses need to be proactively putting provisions in place to combat the risk of security threats rather than having to rapidly respond. This includes predicting and responding to an array of threats, as well as continuing to evolve and test the cyber defences.
The fact that banks are publishing their operational and security incidents is also a positive step in tackling cyber threats. Whilst this may not directly impact the ability for a company to resist attacks, it will deliver a level of openness and transparency that will increase the levels of trust and confidence with customers.