Digital Transformation Outpacing Financial Institution Security
Can bank and credit unions overcome vulnerabilities to meet a new demand for digital banking
Traditional banking organizations today seek to leverage open core systems, fintech company partnerships and application programming interfaces to increase their digital visibility. They want to enhance products, strengthen customer relationships and raise brand recognition. The danger is digital transformation efforts have outpaced security capability, in many cases, because cybercriminals have gone digital too.
Most traditional banking organizations have been moving steadily toward digitization for some time now because account holders assume near-real-time online transactions, and expect their financial institutions to provide 24/7 web services.
Then work normally done face-to-face suddenly depended on digital technology due to the pandemic. Consumers leaned heavily on digital banking services. A 2020 report from World Retail Banking revealed 57% of consumers preferred internet banking in the Covid-19 era. Meanwhile, banks and credit unions closed many locations, and abruptly shifted tens of thousands of employees to work remotely.
The current extent of the threats, as well as the inability of defenses to protect an organization’s digital presence, jeopardizes financial institutions. Breaches, phishing, malware, domain infringement, malvertising, ransomware, malicious mobile apps, brand abuse and fake social posts are all currently conspicuously dangerous to traditional banking organizations.
Digital Transformation and the Pandemic
The COVID-19 pandemic forced many companies to accelerate their digital transformation strategy. However, while this digitization enabled banks and credit unions to fully serve their customers during the pandemic, it also raised the security stakes considerably.
While Information Security investments have increased to protect the implementation of digital and cloud computing, security programs and resources are racing to catch-up when it comes to many organizations' external digital defense.
Cybersecurity for financial institutions was critical before COVID-19 hit, and likely even more so now, according to a Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center (FS-ISAC) study. The report also noted how hackers and cyber scammers benefit from expanding technology footprints and new attack surfaces, and with remote employees.
The Deloitte/FS-ISAC report also revealed as digitization and remote work accelerates, and lines among employees, customers, contractors, and partners/vendors blur, it complicates traditional network perimeters.
The Cost of Security and Insecurity
Even before the pandemic, businesses were under attack from hackers and spammers. According to insurance carrier Hiscox, security incidents cost businesses of all sizes $200,000 on average. Many organizations observed an increase in malicious activity and cyber-related fraud since the coronavirus pandemic struck.
Attacks on financial institutions typically happen through malware or phishing/social engineering campaigns directed at customers but employees are the biggest risk identified by cyber experts.
AT&T research points to a lack of awareness, apathy and/or reluctance to adapt to new technologies as the biggest challenge to implementing good cybersecurity practices within organizations (31%). The report indicated that 35% employees use devices for both work and personal uses, 24% share or store sensitive information in unsanctioned cloud applications, and 18% share work devices with another family member.
Because COVID-19 responsiveness magnifies protection flaws, experts urged business executives to remind employees to recognize how attackers use any adversity, such as a pandemic, as breeding ground for chaos.
According to Deloitte/FS-ISAC, banks and other financial firms are spending 15% more this year to defend computer networks from cybercriminals, and the pandemic and work-from-home arrangements are probably spurring further increases. Average spending per employee rose to $2,691 from $2,337 in 2019. Some firms budgeted as much as $3,322 per employee for cybersecurity, up from the $3,000 maximum for the previous year.
Embracing Digital without Compromising Security
Financial institutions handle some of the most sensitive customer information – personally Identifiable Information (PII), credit card numbers, and account information. As access to this data rises, the protection bubble surrounding it needs to expand.
Fintech company services, which are critical to financial institutions’ capability, including APIs, technical support, cloud-based financial applications, security monitoring, email and data backup solutions also expand banks and credit union’s cyber risk.
To effectively respond to security dangers, especially those during the pandemic, organizations should seek a more proactive cybersecurity methodology containing early breach or threat detection.
One way to fortify the perimeter against threats presented by outsourcing tech is to work more closely with startup and third-party developers at the beginning stages of new products or services instead of retrofitting protection at the end.
A managed service provider can also help set up a security blanket around any organization using firewalls, prevention systems, perimeter protection devices and unified threat management containers.
ThreatAdvice vCISO, NXTsoft’s flagship software solution, provides oversight into all cybersecurity needs, warning organizations and advising what appropriate action to take. In addition, the ThreatAdvice EventTracker, provides a 24/7 security operations center team to assist with remote and on-site threat remediation. The ThreatAdvice SOC analyzes quarantined security alerts and ensures comprehensive protection. ThreatAdvice Endpoint Protection can roll back files to previous safe versions. ThreatAdvice Educate helps ensure compliance and oversight; and can also provide a Virtual Information Security Officer that helps identify informational asset risks, controls in place and the efficacy of those controls, and where to focus a cybersecurity program.