<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=26304&amp;fmt=gif">

3 Cybersecurity Risk Factors Financial Institutions Often Overlook

BitSight | July 10, 2018

With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on.The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered.

With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly.

Here are a few historically overlooked risk factors that deserve some additional attention:

Vendor Risk

Financial services firms handle an incredible amount of sensitive information. Almost every day-to-day operation at most finance-industry organizations involves some amount of personally identifying information or payment information. At any moment, there could be millions of credit card numbers, social security numbers, account credentials, and more zipping around an organization’s systems.

[Learn how Continuous Monitoring is revolutionizing Risk Management.]

Ensuring the security of this critical data requires more than protecting one’s own network. Comprehensive cyber risk mitigation also involves assessing the security programs of any vendors that might come into contact with this sensitive information.

For financial services firms, two categories of vendors are particularly important: point-of-sale providers and payment processors. Because sensitive information is at the heart of these vendors’ operations, their systems are favorite targets of hackers, and therefore their cybersecurity programs have to be extremely robust.

Every third party that touches sensitive data should be assessed carefully, but if resources are limited, POS and payment processing vendors should be at the top of the list.

Using BitSight Security Ratings for vendor risk management can help ease the burden on risk professionals and give them more time to focus on critical third parties. BitSight offers continuous monitoring of all vendors based on externally observable factors, so security teams can maintain ongoing awareness of the risks they’re exposed to by payment processors and POS vendors.

Mobile Application Security

An increasing number of people are accessing their banks, investments, and other financial services firms through online portals and mobile apps.

Financial services firms have poured a lot of resources into developing user-friendly mobile applications that enable customers to use their services on the go. Unfortunately, many of these applications have security vulnerabilities that could potentially be exploited by hackers.

A recent research effort analyzed the security of web apps from various industries. Shockingly, they found vulnerabilities in 100% of the financial institutions they tested.

Thankfully, financial services firms don’t need to wait until a data breach occurs to identify cybersecurity risks in their web apps and mobile applications. BitSight maintains security information on most iPhone and Android applications, so users can quickly see whether their application — or the apps of services they use — are up-to-date with best practices concerning encryption, TLS/SSL certificates, access management, and more.

DDoS Protection

One cybersecurity risk factor that is definitely not overlooked is the distributed denial-of-service (DDoS) attack. In DDoS attacks, a range of devices (typically infected with botnets) flood systems in order to take them offline. These can be acts of aggression or sabotage, or the attackers might use them as blackmail or as a distraction while a simultaneous cyberattack occurs.

DDoS attacks have been plaguing the financial services industry for years, and many risk professionals have come to accept them as an (unfortunate) reality of the job. However, while these attacks might be nearly impossible to stop, there are services out there that can enable financial institutions to minimize their effects and reduce downtime.

The answer lies in the cloud. Companies like Cloudflare and Akamai “prevent” DDoS attacks by simply scaling up capacity to handle even the largest DDoS attempts.

One of the key advantages of cloud computing has always been the ability to scale up and down as business needs fluctuate. DDoS protection is an acute example of this, and one that can help financial institutions avoid the negative consequences of the next attack.

It might feel impossible to contend with every threat in today’s cyber risk landscape. However, services like BitSight can help security leaders take on more threats without requiring tons of additional resources.

Learn how continuous monitoring technologies are revolutionizing every area of risk management. Download the Ebook.Download Ebook Now

Suggested Posts

What You Can Do Today to Prevent A Data Breach

When it comes to data breach prevention, there are plenty of guides for reducing risk in the long term. While it’s definitely valuable to be working on a data breach prevention strategy with 6-month, 1-year, or 5-year goals, not every...


Cybersecurity in Europe is Improving: Thank You GDPR?

After years of debate over whether to impose new cybersecurity regulations on companies,  General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay...


Forecasting: The Missing Link in Your Annual Security Performance Planning Process

When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to...


Subscribe to get security news and updates in your inbox.