For as long as the Internet has existed, cybersecurity has been at the top of the risk management agenda for financial services firms. But since the start of the pandemic, it’s even more critical as cyber criminals target firms’ remote workers and third-party partners with sophisticated techniques—from malware to social engineering.
This is happening at a time when the financial services industry is continuing to digitize services, adopt cloud and transform the traditional banking model, thanks to advances in Internet banking, mobile apps and instant payments.
But the industry is also grappling with constantly evolving regulatory oversight around cybersecurity—and tasked with the Herculean effort of vetting and managing a host of third-party vendors, suppliers and partners in the FI landscape.
While this means more (and better) banking options for consumers, it also means more attack vectors for cyber criminals. Plugging in the gaps isn’t enough, especially since firms are adapting to hybrid workplace models for a post-pandemic world.
The implications are massive: According to a 2020 report from Accenture, Securing the Digital Economy, the financial services industry could lose nearly $350 billion to cybercrime by 2025.
Building cybersecurity resilience
For any firm, in any industry, the focus now is on building resilience rather than plugging in the gaps. It’s about creating a culture of security, supported by technology. And it’s about anticipating attacks and having a plan in place when—not if—an attack occurs.
But in the highly regulated financial services industry, the consequences could be even more dire than stolen data or reputational damage—and those consequences are already dire.
An emerging threat for financial services firms isn’t just data theft, but data manipulation. In other words, data can be manipulated to disrupt financial markets, including credit scores, customer account data and Know Your Customer (KYC).
Plus, there’s a growing threat of insider attacks and even accidental disclosure.
For its 2021 Security Outcomes Study, Cisco surveyed more than 4,800 IT, security and privacy professionals in 25 countries—and of those participants, 589 represented firms in the financial services sector. Independent security research firm, the Cyentia Institute, provided an analysis of that data.
It found that financial services firms that continue to invest in best-of-breed modern infrastructure with a well-integrated tech stack are seeing big dividends.
“Conversely, those who indicated that their organizations rarely upgrade infrastructure or only do so when things break showed significantly reduced rates of success,” according to the study. “Reactive refreshes suggest something went wrong to force unplanned expenditures, and business leaders tend to frown on such surprises.”
While firewalls are nothing new to the financial services industry, the prevalence of remote workers—for example, payroll, HR and admin staff working from home during the pandemic—has created a host of new cybersecurity risks. And many financial services firms are saddled with legacy systems and applications.
A next-generation firewall (NGFW) provides capabilities beyond a traditional firewall, such as application control and cloud-delivered threat intelligence. Along with endpoint protection, a NGFW is a critical component of a firm’s security arsenal—particularly as we see the evolution of hybrid work models and the expansion of the Internet of Things (IoT).
A cloud firewall, which is network-based, can protect a firm’s network from the latest cybersecurity threats by using predetermined security policies to monitor and manage network traffic—and enable private network access for remote workers.
Allstream’s Cloud Firewall, for example, allows you to create encrypted IP-SEC tunnels between all of your remote sites and manage which applications have access to the Internet (and how they get there). You can also receive notifications of potential threats, as well as scheduled summary reports of your security status.
While NGFWs provide foundational security, blockchain has the potential to make the financial services industry more transparent, helping to reduce risk.
Blockchain for financial services
Since a blockchain is a digital ledger that uses tamper-proof cryptographic algorithms, it can reduce risk when processing and recording digital transactions—particularly between financial intermediaries such as payment networks and money transfer services. And it can help to verify a customer’s identity (stored on a blockchain) to prevent fraud and money laundering.
Aside from the clear benefits around security, blockchain will also vastly improve the banking experience for lenders and customers alike, substantially speeding up approvals and transactions.
Despite its potential, we’re still in the early stages of adoption, and there are plenty of hurdles to overcome before we reach widespread adoption—from lack of interoperability and regulatory frameworks to a limited supply of skilled blockchain developers.
It’s been said that there are two types of financial services firms: those that have experienced a cyber attack and those that will experience a cyber attack.
While blockchain holds great potential for cybersecurity, it’s important to create a strong foundation of technology—along with a culture of security that includes employee training—to beat the odds.