A modern approach to cyber threat protection: The holy grail of cyber security departments?

Abstract

Cyber security is not only a hot topic debated intensely among business managers, but also a growing concern that enforces unplanned and often undesirable changes. Too tight security measures usually result in a spike in customer complaint volumes; too slack cause a lot of grey hair, especially after a breach. Continuously accelerating growth in number of IT applications, proliferation of various types of devices, software versions, channels and endpoints are significantly increasing the surface area of potential attacks. For professionals with strong links with the world of finance and security, it comes as no surprise that the old approaches are rapidly becoming obsolete. In many cases they cannot handle new challenges, not to mention elaborate and constantly evolving sociological theft strategies. New approaches are desperately sought. The hunt for the holy grail in a cyber security area has been on for quite some time now — apparently without a clear conclusion, as cybercrime is on the rise, regardless of the industry or geographical region. Data leaks and account takeovers have become daily news stories that many people pay attention to. This is why decision makers are exploring different approaches to security by venturing into new territories that were previously not purely classified as directly connected with security issues. Yet, if we want to ensure our clients’ finances, data and interests are appropriately protected, surely all options should be considered? This paper aims to shift the way managers view security in their institutions by highlighting alternative ways of approaching the subject. By incorporating into security interconnected and interdependent layers of verification mechanisms, higher fraud/takeover detection rates can be achieved without affecting usability. Readers will gain complex insights as to how these layers behave and how they operate within the financial institutions.