Download the “Ransomware in the Financial Sector” eBook to see how the ransomware trend is specifically impacting organizations throughout the financial services industry, and how the right technology can combat the unique risks.
Banks have always been at the forefront of enterprise cybersecurity due to their enormous stores of cash and consumer data and the financial, regulatory, and reputational consequences of a cyberattack.
However, the intersection of cybersecurity and banking can feel like battling the Hydra. As soon as one vulnerability is addressed, another one is created. Combine this with the increasingly diverse ways consumers are interacting with their money, and you’ve got a recipe for something disastrous.
With this in mind, we highlight three cybersecurity in banking trends to watch this year, and best practices to address them.
1. Self-service, Contactless Banking
The pandemic saw self-service and contactless banking go mainstream. Mobile apps are the face of this trend, but the demand for safe and convenient banking also saw a surge in the adoption of mobile wallets, digital-only banks, and autonomous finance management technology which uses artificial intelligence and machine learning to make financial decisions on behalf of consumers.
However, these applications are creating new vulnerabilities that banks will have to address. According to the Synopsys Cybersecurity Research Center (CyRC), there are pervasive concerns about mobile application security, with banking applications containing an average of 55 vulnerabilities—often embedded in the application’s open source components.
While attacks on software vulnerabilities are a staple of bad actors, this year there is expected to be an uptick in ransomware and spyware attacks against consumers. The FBI warns that hackers are using these tactics to steal data from mobile devices to perpetrate fraud and take over existing bank accounts.
In the face of this threat, authentication will only grow in importance. Banks and financial services companies must move beyond simple password authentication and implement biometrics, mobile identity verification, and multi-factor authentication to improve security.
2. Regulatory Pressure to Address Risk
Keeping pace with regulatory compliance is one of the largest drivers of technology investment for banks. But new regulatory requirements, including those of the Prudential Regulation Authority (PRA) in the UK and the EU’s Digital Operational Resilience Act (DORA), mean banks face a new imperative to upgrade their technology to address cyber risk—both internally and from third parties.
Specifically, the PRA advances two key objectives: ensuring that financial services firms meet standards of care pertaining to risk-reduction and taking the appropriate measures to protect consumer data.
Meanwhile, DORA requires that banks and firms in the global financial industry mature their third-party risk management programs to include set cybersecurity requirements—which will also apply to the critical Information and Communication Technology (ICT) service providers they are working with. As such, regulated EU financial entities must implement secure technologies and processes to raise overall supply chain resilience. Because the timeframe for meeting compliance standards with this complex framework will be relatively short, CIOs, CISOs, and compliance managers must start planning immediately and hit the ground running when it’s time. Read more about what DORA means for your organization.
3. Proactive, Continuous Monitoring
If banks want to keep up with consumer behavior while avoiding a major cyberattack, they must update their cybersecurity practices. But as digital environments expand—across mobile apps, payment systems, financial records, customer accounts, and on-premise and cloud services—emerging vulnerabilities call for constant vigilance.
To get one step ahead of the bad guys, banks must continuously monitor their attack surface for cyber risk such as vulnerabilities in mobile application code, unpatched systems, misconfigured software, malware, and anomalies in user behavior.
They can do this by using BitSight for Security Performance Management. With BitSight, security leaders gain extensive visibility into cybersecurity threats and risk across all digital assets in the cloud, as well as across geographies, subsidiaries, and remote locations—all from a centralized dashboard. Using this insight, they can proactively mitigate cyber risk in the firm’s expanding digital ecosystem, see what’s lurking in shadow IT, and prioritize remediation efforts and cyber initiatives based on risk. If a new vulnerability is detected, security teams receive near real-time alerts so that they can bring continuous improvements to the organization’s cyber health.
The same continuous monitoring can be extended to the financial institution’s supply chain. No lengthy or costly audits are required; instead, BitSight for Third-Party Risk Management provides an instantaneous snapshot of each vendor’s security posture—both before onboarding and for the life of the contract—and generates alerts when a vendor’s security rating falls below a pre-agreed threshold. Insights can even be shared with the third party so there is transparency in the process and both sides can work quickly toward resolution.
With the visibility that BitSight brings, banks can quickly expose and move to mitigate third-party cyber risk while continuously measuring, monitoring, and maturing their compliance with DORA and PRA as well as more established regulations like the Gramm-Leach-Bliley Act, FFIEC, SOC2, NYDFS 500, and GDPR.
Cybersecurity in Banking Comes Under the Spotlight
Driven by consumer demand, banks and financial service providers are rapidly shifting to digital business models. But this brings significant cyber risk. Because of the sensitive information held in their networks, these firms have a lot to lose, making cybersecurity in banking a high priority for the year ahead. Learn more about how BitSight is helping companies in this sector gain the insight they need to secure customer data, mitigate third-party risk, and maintain regulatory compliance.