Facing Modern Information Security Challenges in Banking & Finance
The New York State of Department of Financial Services recently released a report on their industry survey results of cyber security within the banking sector as a response to the increasing number, sophistication and scope of cyber attacks against the industry. Respondents included community and regional banks, credit unions as well as foreign branches and agencies.
Some of the major business drivers motivating the banking industry to spend budget on information security includes regulatory compliance, business continuity/disaster recovery and company reputation. For the banking and financial industry, regulatory compliance means the infosec requirements set forth by the FFIEC (Federal Financial Institutions Examination Council).
Large Organizations Targeted with Phishing Attacks and Account Takeover
And when it comes to who’s targeted, it’s not limited to any size of organization - small (13 percent), medium (21 percent) and large (35 percent) were all hit, although larger institutions were more likely to be hit with malware and phishing attempts.
The types of attempted intrusions were overwhelmingly attributed to malicious software (22 percent) and phishing (21 percent). The most frequent types of consequences resulting from a breach were more varied - with account takeovers leading by far at 46 percent. Others include identity theft (18 percent), telecommunication network disruptions (15 percent) and data integrity breaches (9 percent).
Find out more about online banking threats in The Current State of Online and Mobile Banking Security.
Barriers to Security: Third-Parties & Limited Resources
As the report states in their conclusions, one of the information security challenges brought about by the banking/financial industry is the heavy/continued reliance on third-party vendors for critical banking functions.
And not just the small and medium-sized businesses outsource to save on costs and resources - large companies also outsource. Smaller businesses might outsource certain functions like payment processing, web application and online banking systems to external companies.
It gets even more challenging considering the fact that these third-parties aren’t required to undergo penetration testing to determine the strength of their environment’s security (a fact that perhaps the FFIEC or other banking/financial compliance regulatory body should consider; similar to healthcare’s HIPAA law that includes third-parties in the scope of compliance).
And even if they’re willing to undergo a test, small and medium-sized companies don’t always have the resources to conduct it.
Another challenge the report emphasizes is the issue of limited resources - costly software that’s rarely updated, deployed inefficiently, or fails to guard against social engineering is more of a detriment than an asset to a bank’s security defense strategy.
This makes a business case for cloud-based security that doesn’t require excessive management, setup or complex deployment. With a modern, cloud-based two-factor authentication solution, your organization can take advantage of easy-to-use and easy-to-deploy security that’s actually effective as well as affordable.
Find out what to look for in a good security solution in our Two-Factor Authentication Evaluation Guide.