Financial service providers have worked very hard on cyber risk management for decades. However, the latest report from the Bank of England shows an increase in the proportion of banks that say a cyberattack is a risk they find most challenging to manage. Why is cybersecurity still such a problem?
Palo Alto Networks takes a close look at cybersecurity in the financial sector and gives five critical pieces of advice.
The fundamentals of finance are changing slowly, but technology in this sector is developing at a rapid and increasing pace. This is precisely what cyber adversaries take advantage of. The most common goal for criminals is financial gain. With the digitization of more and more financial processes, the path to criminal income is getting shorter, and the “returns” are increasing.
Indeed, the financial industry should have learned how to prevent these attacks. However, the effects of an increasingly complex and evolving FinTech environment must also be taken into account. PSD2 (Payment Services Directive 2), an EU directive for payment service providers, aims to open the supply chain for many other financial service providers. In addition, there is the existing technical infrastructure of the banking sector. IT providers are developing their technology faster and faster, but even financially strong banks cannot migrate to newer platforms at the same speed. Finally, there is the human factor, including poor security awareness and a lack of skills and expertise in cybersecurity.
For something to change, Palo Alto Networks believes that the following actions are required:
This may sound simple, but all too often, there is a divide between technology and business. Without a holistic approach, it is impossible to determine whether activity on the network is normal or has a malicious background.
Agile is a term that is often used in board meetings of banks and other companies. But while DevOps teams can now purchase cloud computing resources in milliseconds, most security features are acquired in fixed, multi-year contracts. Cybersecurity needs to take into account that a bank today creates applications and digital services across multiple channels. When banks consider a cloud-first approach to security, they can better focus on keeping up with the digital transformation.
It is all too easy for banks to use open, networked systems because they are faster and easier to implement. The challenge is not knowing where the next risk is coming from or how far its effects could reach. More and more banks have to switch to the concept of “Zero Trust Networking.” Better coordination between business processes and technology can ensure that only the required access is granted, which reduces the impact of a security incident.
Many of the basics of good cyber hygiene have been around for many years. However, the environments in which they are applied are constantly changing. For example, half of the business passwords in public cloud environments are poorly defined and managed.
Given the increasing networking of banking systems, a clearly defined change process is necessary, i.e. a “single source of truth” that everyone works from. DevOps strategies in banking and financial services mean hundreds or thousands of small changes are made daily or weekly. Such models require a high degree of automation. Security should be natively embedded in each of these processes. In addition, a transition to DevSecOps should be made. This requires the right native integration points in the digitized business systems, and automation to integrate them into change process control. Attackers are increasingly automated, so cybersecurity solutions have to keep up with the same pace to avoid compromising business continuity.
As in other areas, cybersecurity in the banking sector requires an automated operating platform. On the way to digital transformation, preventive cybersecurity must be built into new financial systems as standard. An evolving problem of a digital nature requires evolving cybersecurity for the industry.