Abstract

Cybercrime routinely targets financial services, which in turn spend lavishly to protect themselves, and with notable success, as cyberattacks are often less successful against financial service industries (FSIs) than other sectors. Yet the excessive costs of cyber security could be lower, and not all FSIs have the resources to pursue an escalating cybercrime conflict. There are several areas that FSIs can focus on to improve their cyber security posture while keeping budgets in check. They can look beyond compliance checks as the measure of an acceptable level of protection. They can police access to their networks by supply chain providers with more nuance. They can use prevention to curtail successful attacks that can create astronomical remediation costs. Lastly, and perhaps most crucially, they can encourage board participation by articulating security issues as strategic business considerations. FSIs must look beyond the checks and balances of traditional compliance, governance and risk questionnaires. They should avoid construing unknown risks due to a lack of IT visibility as acceptable risks, and they must consider creating space for technology and security experts at the highest levels of management, such as mandatory board seats. At a technical level, they should adopt the zero trust security framework of 'Never Trust, Always Verify', enhance monitoring of all IT areas, and use unplanned audits to encourage compliance as a continual project. This paper focuses on where FSIs face security risks and how to address them.
