It’s been a mixed year for the financial services sector. Some companies have seen increased demand for their services, while others have struggled to deal with the downturn in mortgage deals and reduced consumer spending.
At a more granular level, many financial services companies have also had to deal with new ways of work, including putting in place virtual CISOs and scrambling to protect remote workers from increased levels of cyber threats. It’s worth recognizing, however, that very few of the threats that remote employees face are completely new. In fact, most of the challenges facing the sector – and particularly the increased complexity of supply chains and consumer networks – have been around for at least a decade.
Still, as 2020 draws to a close, it’s a good moment to cast an eye over the threat landscape that financial services companies find themselves in, and to highlight the key challenges on the road ahead. In this article, we’ll do just that.
1. Misinformation and trust
This year saw several newspapers in the US, including The New York Times, launch new initiatives to track viral misinformation. While most of this misinformation was focused on ostensibly political opponents, it also appears to have had an effect on confidence in financial services.
Not only is this a business challenge for established financial services companies, it also creates real cybersecurity challenges for them. One of these is…
2. Complex supply chains
Perhaps the biggest of these challenges is the fact that the increasing complexity of the financial services sector offers a larger attack surface for hackers and malware.
Customers are increasingly keen to manage their finances via an interconnected network of traditional banking tools and novel accountancy apps. Any personal accounting software consumers use to track their finances should come PCI DSS compliant to ensure that their financial data is stored encrypted in a secured environment, and thus reduce the odds of them falling victim to a cyberattack. This approach might provide added convenience and security for businesses and consumers alike, but it’s also not enough.
To be more specific, financial services organizations will need to focus on protecting remote endpoints in order to deal with the increased number of potentially exposed endpoints. This includes developing inventories of assets and software, running patch detection and vulnerability scannings to locate issues, and then an automated remediation validation phase to ensure that any patches or configuration changes used to fix the vulnerability were effective.
3. Credential and identity theft
Though the financial services sector has had to deal with the consequences of identity theft for years now, 2020 was the year that identity and credential theft exploded. Early analyses show that during the pandemic, the rate of identity theft increased significantly.
This increase has come despite increased consumer awareness of the risks of identity theft, and shows that awareness of these dangers is not enough. Consumers know that they should be careful to protect their data, but also lack the expert knowledge necessary to protect every aspect of their online lives.
For the financial services sector, this presents both a problem and an opportunity. In the past few years, some companies have seen great success in promoting the fact that they take consumer privacy and security seriously, and this is a trend that is likely to continue for the next few years. As an example, several financial assistance companies such as Credit Saint and Sky Blue offer identity theft protection and restoration services as an additional part of their credit repair programs.
Ransomware is another type of threat that has been around for years, but has lately exploded into great public prominence. The rise of ransomware over the past year, and particularly during the pandemic, indicates that thieves and hackers are taking a more sophisticated approach than before. Instead of directly stealing customers’ information and then selling this on, they have realized that the consequences of a successful attack go way beyond the immediate loss of customer data – instead, it can be the loss of public confidence that really hurts a firm.
Combating ransomware is, of course, a perennial struggle for cybersecurity engineers. However, there are also trends in the way that these attacks are implemented that are worth paying attention to. Specifically, this year has seen a rise in the number of attacks that relied on the cooperation (willing or not) of ex-employees.
5. Emergency technologies
Finally, and while many companies in the financial sector are still struggling to deal with the challenges posed by the current generation of technologies, it’s becoming increasingly clear that the next generation of technology will permit cyberattacks of unprecedented scale and speed.
Of this group of emerging technologies, two are of particular concern. One of these is the implementation of 5G mobile networks, a technology that is a key prerequisite for the widespread adoption of strong encryption for financial apps, but also gives attackers access to far greater capabilities when it comes to committing crimes. The second is AI, which is already being used to produce deep fake videos that can fool biometric security systems.
Of course, not all cyberthreats are based on new technologies, and attack vectors that were previously thought obsolete do re-emerge sometimes, as we’ve seen recently in the rise of SMS phishing. For financial services companies, this necessitates constant vigilance across the threat landscape.
Similarly, though we are seeing the emergence of new threats, it’s not all bad news for the financial services sector. With the election now out of the way, there is increased speculation that a Federal department of cybersecurity is about to be formed. While increased government support is always welcome, the financial sector will need to stay agile and vigilant in order to identify and combat the emerging threats of 2020.