The Cybersecurity of Banking and Finance
By Daniel Burrus
I’ve discussed the importance of cybersecurity in healthcare due to the extremely sensitive personal data and the loss of trust if hacked. If healthcare data and a patient’s trust are as sensitive as research shows, then it’s no surprise that the banking and financial industry is in serious need of anticipatory cybersecurity and digital data protection.
Up until the early eighties, transactions at financial institutions were handwritten, calculated long-hand, and done without the aid of a computer or calculator. Fast forward many years and not only can we make deposits and automate our bills to be paid online, but many employees of financial institutions are starting to work remotely as well.
Additionally, cash out technology is replacing physical cash and check exchange. PayPal, Venmo, Zelle Pay, Apple Pay and many more make the exchange of money a social network of sorts with minimal or no fees, depositing straight into your bank account digitally without the bank’s physical presence or involvement.
A Breach of Banking Security
Whether you drive to a bank to withdraw cash or log into your Venmo account and deposit cash digitally, banking is a personal and serious subject. Keep in mind, a financial institution has every last little detail about our financial situations.
Historically, a security breach in a bank was a takeover robbery. These now pale in comparison to cyber crimes committed against financial institutions, where criminals take sensitive information and even your identity. Much like the healthcare industry, financial institutions are faced with thousands of cyberattacks every single day, with the financial reward much greater than cash.
One example of a big bank that suffered a massive attack was Capital One. A single weak spot in cybersecurity allowed cyber criminals to capture the personal information of over 100 million people and leak it to the world.
In the past year, there have been over 3,000 known successful cyberattacks against financial institutions, according to the Treasury Department’s Financial Crimes Enforcement Network. In the case of the Capital One hack, the system flaw was described as a “configuration vulnerability” in its security software, which compares to the tellers and security guards in past banking years all going to lunch with the vault wide open and a lobby full of people.
Time for a Change!
Anticipatory cybersecurity measures should be elevated at financial institutions much like the healthcare industry. Capital One is not the only large-scale financial institution that succumbed to hacking, as we saw with companies like Equifax and Morgan Stanley being attacked as well.
Banks and financial institutions implement cyber protection, but are they really safe? I know of several cyber companies that test for vulnerabilities in this industry, and within 48 hours they gain access to everything the bank “assumed” was protected and safe. But cyber protection is ever changing and in need of constant testing for new vulnerabilities, and unfortunately, the vast majority of current cybersecurity strategies are about reacting quickly after the problem occurs rather than anticipating it.
Banks should use the Hard Trend that cyber criminals continuously find a way to outsmart the institutions to pre-solve hacking problems before they become a nationally reported disaster, and be anticipatory by using behavior analytics and other anticipatory tools to prevent a breach of security and a breach of trust.
When hacking occurs repeatedly in an industry, trust breaks because the customer does not feel their personal information is truly valued by the institution.
Hackers love to take advantage of weak passwords or use emails loaded with malicious computer code that lets them get inside the network, while others scan for out-of-date hardware and software missing the latest security fixes. Likewise, cyber criminals work around the clock, so the IT firm or internal IT department must be in place to do the same.
Anticipatory cyber strategies make the cyber education of employees a priority, with an outside firm doing security scans on everything before the problem occurs, having all software scanned and updated regularly, and making sure spam filters are adequate in your company’s email system.
Free Perimeter Test
Because we see cybersecurity as a strategic imperative in protecting your future brand and reputation, we have identified best-in-class cyber testing companies that will provide a free perimeter test of your organization to check for vulnerabilities in your cybersecurity defense system, provide the results of their tests and recommend immediate actions that can be taken to stop any uncovered leaks in your system.