As innovation in technology accelerates, so must the innovation that protects it from an ever-evolving cyber threat landscape. The stakes are becoming too high for cybersecurity to be pushed to the bottom of the boardroom agenda.
Treasurers in both corporates and financial institutions (FIs) should take a strategic approach to evaluate their internal procedures and have honest conversations early on with their IT departments, adopting solutions that avoid larger insurance costs further down the line. Once firms have this better understanding of their potential exposure to cyber risks, they can put the right insurance in place so their technology and clients are covered.
As technology becomes more complex, the avenues of attack that cyber criminals can take are increasing. Raising awareness within an organisation and encouraging best practice amongst employees can therefore be an effective first step towards protecting against cyber crime. These values can be instilled in individuals as part of an induction programme, with regular catch-up classes and campaigns throughout an employee’s career. Despite this, it’s reasonable to assume that human error and oversight will continue to create vulnerabilities. Security therefore needs to be layered, starting from early threat detection and incorporating security solutions into the network and each and every connected device and application.
When it comes to the world of treasury and financial services, cyber attacks are one of the most significant threats felt by banks, their corporate customers, market infrastructures and trading platforms. With worries growing that cyber activity poses a real risk to the global financial system, regulators and policymakers around the world are looking at ways to combat this threat. In fact, nearly three quarters of financial services firms’ decision makers remain unconvinced that their organisation allocates sufficient resource to defend against cyber threats, according to a BT study that explored the attitudes and preparedness of IT decision makers towards distributed denial of service (DDoS) attacks against their organisations.
A Growing Concern
The cybersecurity issue was high on the agenda at the most recent meeting of the World Economic Forum (WEF) in Davos, with banks pressing officials to pursue cyber criminals more vigorously, or to let the firms themselves chase the criminals. Last month, the US Securities and Exchange Commission (SEC) published the results of its survey of broker-dealers and investment advisers about cybersecurity efforts, showing that over the past year, 88% of these firms or their vendors have been victims of a cyber attack.
Over in Europe, Andrew Gracie, an executive director of the Bank of England (BoE), said in a speech given in January that Britain’s banks must do more to stave off the danger posed by possible cyber threats. He observed that these institutions are often geared to deal with physical threats, but cyber warfare has transformed the definition of data and security.
The worrying trend is that these attacks are getting bigger, more coordinated and more sophisticated, with the motivation shifting from simple fraud, to a desire to disrupt or destroy whole infrastructures. Attacks are becoming better at breaching security defences, causing major disruption and even bringing down systems for a number of days.
BT’s research found that almost half (45%) of IT decision makers in financial services firms admitted their organisation had been hit by a DDoS attack over the past year. There is a consensus that DDoS attacks are becoming much more disruptive, with two-thirds (66%) of the financial services organisations polled agreeing that this type of activity is becoming more effective at breaching security defences.
However, according to the study, the financial services industry is actually better prepared than most to stave off disruptive cyber-attacks, with more than two-thirds (69%) claiming they have a response plan in place should a DDoS attack occur. This is above the cross-sector average of 60%.
The study also shows that DDoS attacks have evolved significantly in the past few years. As the ‘electronification’ of the markets continues to rise, the potential disruption is a growing concern. A large-scale attack could have a huge financial and reputational impact – not just on a specific organisation, but on the whole sector.
Legacy technology, which can be particularly vulnerable to attack, must be reviewed. If it exposes a weak spot, it should be replaced. Indeed, there has been a drive in the financial services industry to find the most cost-effective and sophisticated way to replace legacy technology and the threat of cyber crime has been a key driver for this shift. Timeliness is also key here, as cyber risks to organisations are moving too fast for a purely reactive security approach to be successful.
Responding to an Evolving Threat
Not surprisingly, BT’s financial services customers report that security is one of their top priorities. The group is helping them understand the nature of the threat and improve their security through services such as the BT Assure portfolio that brings powerful cloud-based security and risk management to networks. Nonetheless, the industry as a whole must coordinate actions, promoting defence by sharing information to allow everyone to be better prepared in preventing attacks.
We are living in an era where security threats are becoming more frequent, complex and targeted at a far greater range of devices and networks. Security solutions have to evolve as quickly as the threats that are being thrown at them, while security specialists need to leverage technologies themselves to improve their products.
As regards insurance terms, a combination of professional advice, the right technology solutions and having an effective response plan in place can help to mitigate the exposure to risk and assess the level of cover required.
In a world where prevention is definitely better than cure, corporates and financial services firms alike need to apply the latest security and risk management solutions in a timely manner to ensure they’re prepared for the worst that the cyber world can throw at them.