By Scott Cutler, Director, UK&I Sales, Fortinet
Anyone with a passing knowledge of heist movies will know that the best time to strike is when the target is in transit. With that in mind, it’s not hard to see why cyber-criminals have more opportunity than ever before to attack businesses across a range of verticals.
The volumes of data moving between multiple public and private cloud services and applications – via a huge array of internet-enabled devices – are massive and growing. Nowhere is this more applicable than in financial services, where businesses must remain in constant flux to meet consumer performance expectations, often processing and delivering data in real-time.
In some ways, this is exciting – driving business growth and the consumer experience. But it’s also placing an unprecedented security strain on an industry which needs to find new ways to protect itself and its customers.
Keeping pace with criminal intent
IT infrastructure has come a long way. The growing adoption of SD-WAN is a prime example of this, helping organisations to increase efficiency and enable digital transformation. But for every advancement in IT, businesses have to develop cybersecurity strategies to match – all while grappling with savvy criminals, ready to make the next move.
As a result, the modern threat landscape is varied and growing. Whether it’s threat actors exploiting SD-WAN weaknesses, coordinated phishing campaigns, rogue employees, Trojan malware, or lone wolf hackers-for-hire, cyber-attacks and data heists now pose a huge threat to the economy of the financial services sector.
In North America alone, it’s estimated that ‘the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion.’ The interests at play in each of these breaches are varied, but range from a sale on the dark web to alleged political manipulation at a grand scale. While the Cambridge Analytica Facebook data scandal is hard to quantify in monetary terms, others are more concrete. In 2018, American bank SunTrust suffered a breach that potentially exposed 1.5 million records – while Capital One recently disclosed a breach that impacted 100 million people.
Collaboration over competition
Financial services have to keep evolving, whether it’s offering 24/7 account access on the go, or driving forward new innovations in payments. However, it’s also crucial to underpin the customer experience with cybersecurity systems to match. Investing in the right tools plays a huge part in this, whether that’s firewalls, security tokens, or anti-virus programs.
But vulnerabilities remain. The financial services industry needs to look a little wider, and explore how organisations can collaborate (rather than compete) with each other to tackle threats. In doing so, they can create safety in numbers – sharing knowledge, spotting threats and developing solutions faster. And, in the age of Open Banking, ensuring a consistent security posture across the broader data ecosystem.
Some are already making strides towards this, and proving the benefit of a unified approach. In the US, more than 100 industry experts from the financial services industry came together in 2017 under a cyber resilience initiative called Sheltered Harbor. The goal is to provide members with an extra layer of security, so that if one falls victim to a cyberattack, another bank takes over, ensuring customers experience minimal disruption.
In the UK, a similar initiative took the form of the Financial Sector Cyber Collaboration Centre. Through this, several banks, securities exchanges and insurance firms have come together to fight cybercrime, and collaborate with the National Cyber Security Centre (NCSC) and National Crime Agency (NCA), in a faster, more coordinated way.
Light at the end of the cyber-tunnel
The appeal of a collaborative security approach is clear. However, there’s still work to do – not least because security experts face a confusing array of products, including access control, data confidentiality, privacy, and breach prevention. And products from different vendors may not work effectively with each other – so businesses must also try and prioritise investments in tools that support, not impede, collaboration.
Ultimately, this protection has to be seamless, meaning that interoperability between systems is as important as the systems themselves. Information must be easily and safely shared and the various tools must work together.
When these parameters are in place, an organisation can get the best possible protection for its particular needs, whether across endpoint, network firewall, or cloud environments. Just as importantly, businesses can gain access to the shared knowledge of multiple cybersecurity firms working together to detect threats. This approach offers safety in numbers – and for financial services, it may well be the future of protection.