By David Juniper, Event Director, Cyber Security Events Series
The advent of online banking has welcomed in a new era of risks. Rather than a classic cops and robbers scene at a bank, cybercriminals operate remotely and affect the lives of thousands of customers and clients in an instant. But, banks are not the only targets of these attacks; the financial services industry at large has a lot to lose due to cybersecurity vulnerabilities.
Here are three cybersecurity trends for financial services professionals to keep an eye on.
- Ransomware gets smart(er) – Recent security incidents, like the WannaCry ransomware attack, show how far reaching and detrimental data breaches can be. By targeting computers with outdated versions of Microsoft Windows, WannaCry’s masterminds infected 230,000 computers in over 150 countries. But, as victims quickly found, newer versions of Microsoft Windows were not immune to the security breach. As whitehat hackers and research teams worked to contain the damage, the cybercriminals changed the nature of their ransomware to find new vulnerabilities.
- Consumer-first cyber regulations – This year, New York state implemented a regulation outlining steps banks and insurers must take to prevent and respond to cyberattacks. The regulations, which went into effect March 1, include a requirement that firms using third-party vendors perform annual supplier risk assessments. According to a 2016 study conducted by the Ponemon Institute, almost half (48 percent) of data breaches were caused by malicious attacks. Netflix’s recent breach is the latest example of how cybercriminals are now accessing information via weak third-party networks. The breach, which leaked 10 new episodes of the highly anticipated “Orange Is The New Black” series, resulted in loss of proprietary property and financial integrity.
- Big bully, small target – Gone are the days when big enterprises were the target of cyberattacks and breaches. Small-to-medium sized businesses (SMBs) often have security measures that are quicker to bypass and may be more willing to pay a ransom. The stakes are higher for smaller companies. In 2016, SMBs were most impacted by email malware with one in every 95 emails being infected, according to Symantec.
Financial services companies of all sizes should work to create stronger safeguards like employee training, regular penetration testing and stricter vendor requirements. In the future, the financial services industry can expect to see smarter attacks that will find its way into any vulnerability left unpatched.