With a spike in cyber-attacks, financial services firms are leveraging innovative tools for combating this threat. Companies are now looking at improving security programs, using technologies such as Identity and Access Management (IAM), cloud-based cyber-security, Biometrics, Big Data Analytics, Privilege Account Management (PAM), together with advanced authentication.
According to a survey, ‘Systemic Risk Barometer’, conducted by the Depository Trust & Clearing Corporation – DTCC – cyber-security has been regarded as one of the top concerns for most of the financial institutions. As per the study, heightened concerns over cyber-attacks have led many market participants (reflected through responses of 73% of survey respondents) to increase their investment in technology to detect and prevent cyber threats. Security incidents have been on the rise across the financial markets, and the respondents of the survey opined that the frequency as well as sophistication of cyber-attacks have increased over a period of time.
Keeping sensitive information safeguarded is important for financial organizations from business and brand reputation standpoint.
Financial institutions are adopting newer methods including war gaming, inducting talent with specific skills, as well as increasing collaboration for better understanding the ecosystem. Organizations are also looking at beefing up intelligence apparatus for detecting new threats on a consistent basis. CIOs are actively involved in bringing new and refined capabilities that strengthen IT Security in their organizations.
For combating the issues, companies in the financial domain are now proactively looking at following solutions:
- Promoting quicker detection of threat and short response time: Evolving and implementing solutions that allow timely sharing of data for preventing incidents, as well as supporting faster detection of breach with short response time. Setting up a notification mechanism whenever a suspected access is made through an unlikely location or device.
- Educating management about the threat landscape: The threat landscape is so delicate that if there is a breach it is ok to shut down critical systems even if it may cause business loss and hamper operations. Greater focus has been given by IT departments to spread greater awareness about cyber security and the approach to be adopted while rectifying a breach.
- Tracking access or users and devices: Cyber security cannot be seen as an issue that can be contained within an IT department. Organizations that understand the risks from every desk would be able to respond to a serious threat in the most appropriate manner. An identity, including employees, third-party service providers and customers, can be vulnerable to cyber-attacks. If an identity is left unprotected, data and systems could be compromised, allowing criminals to procure sensitive information that might cause losses to the firm. Maintaining a repository of user access and devices that are synced with the system and keeping a check on a continuous basis is crucial.
- More controls on access made by business partners: Financial companies are working along with clients, customers and other businesses. The information and data is being shared with partners who are contractually bound not to misuse data. However, in case of an undetected theft through a partner or a systematic flaw in the system, contractual clauses might not stand valid. It is therefore important to enforce a set of access protocols by bringing third party into an organization’s secured IT System.
- Securing mobile based transactions: Advanced authentication has now become the method for financial institutions for tackling rise of mobile risks. In many cases, banks are now allowing customers to access their accounts by using Multi Factor Authentication (MFA) through a mechanism such as One Time Password (OTP).
- Moving beyond regulatory compliance: Compliances are a set of guidelines that help businesses get close to secured systems. They are not a fix all remedy for achieving 100% Cyber-Security. Organizations are taking a step ahead of regulatory compulsions in implementing strategic initiatives for improving security and reducing risk of attack.
- Creating solutions for the industry: IT Security requirements and capabilities of an industry varies depending on the nature of information to be safeguarded. In the financial sector, the data is monetary in nature and is always on a look-out by hackers. Most financial organizations are looking at mechanism such as Big Data analytics. It helps in understanding internal and external risks. This has also helped them in monitoring user behavior as well as network activity.
Financial institutions are spending in multitudes for securing their environment against cyber-threat. Bank of America, J.P. Morgan, Wells Fargo and Citibank have collectively spent USD 1.5 billion for battling cyber-crime . While the biggies are securing their system, are you doing enough to ensure cyber-security at your firm?