Cyber security has quickly risen to the top of the business agenda in recent months. High enough that 86% of financial services firms across the UK, Europe, US and Hong Kong, intend to spend more money on cybersecurity in 2017.
An array of high profile attacks on businesses, including cyber attacks on HSBC and Lloyds Banking Group, have put a renewed emphasis on data protection and security. UK Chancellor Phillip Hammond has even announced a five-year, £1.9 billion scheme to help prevent cybercrime.
>See also: Cyber crime and the banking sector
Perhaps the highest profile of recent cyber-attacks – the WannaCry ransomware attack that infected more than 230,000 computers around the world – served as a wakeup call for many organisations, especially those in the financial services sector.
The financial services industry is a routine target for cyber criminals, more so than any other. Bank account fraud is at the top of the most common forms of financial cybercrime in the UK, with 2,356,000 cases reported last year alone.
Consider the points of vulnerability for a second – most of us pay our bills online, buy products online, check our account balance online and very soon, we will pay our taxes online. The opportunity for fraud and attack is huge.
Subsequently, financial service providers are in a challenging position. The modern world demands digital infrastructure, but digitalisation presents new security and data risks. With the EU’s General Data Protection Regulation (GDPR) looming on the horizon, along with fines of €20 million or 4% of global turnover in the event of a data breach, data security is at the top of the financial services business agenda. Clearly the foundation has been laid for comprehensive and robust cybersecurity, but what do financial services firms need to do to ensure they are prepared?
Cyber security is not going away – education is key.
With one in five British firms being subjected to a cyberattack in 2016, the regulatory focus on cybersecurity will continue to grow, consequently, the need for education on data management, including destruction and disposal, is key.
Business influencers and top executives need to invest time in educating employees on the benefits of good data management, disposal and destruction if they are to get employees on board and ensure company-wide compliance. IoT devices, home laptops, desktops and smartphones used to access the company’s secure Cloud are all potential risks; but educating employees on these risks and how to manage them will help firms to meet regulatory requirements.
Financial services firms need to collaborate
Rather than operate in isolation, financial institutions need to realise that an attack on one is an attack on all. Vulnerabilities exposed in one security network could be similar in others – and therefore, to mitigate and perhaps even prevent damage, firms need to pool their resources, collaborate and share knowledge if they are to build comprehensive, high security networks.
Cyber security by design: a multi-layered, responsive, adaptive and preventative system
In the past, once a hacker penetrated the first line of security, that was it – information was compromised and there was almost nothing a firm could do. Following the hack, firms would respond by upping their investment in cybersecurity and announce new protocols and processes to deal with future attacks; too little too late.
Today’s approach to cybercrime needs to be preventative, not responsive. Financial cybersecurity networks need to be built on adaptive threat analysis systems, a combination of AI-based solutions and security experts. The combination will allow financial services firms to build an adaptive and responsive, real-time security network.
Destruction of old physical data assets
Finally, as financial services firms look to incorporate new technology, systems and software into their security process, old assets will need to be securely disposed and destroyed. Many of these assets will contain residual data which could be exploited by hackers.
Therefore, it is essential that financial services firms carefully manage the asset disposal and destruction process, using regulatory compliant parties or solutions that can thoroughly destroy data. In addition, there needs to be clear documentation of the asset destruction and disposal process to meet new regulatory requirements.
It is important to keep in mind that investment in technology and cyber defence alone is not enough; it needs to be coupled with a company-wide education regarding the regulations, the value of data and the processes to securely manage sensitive data.
Education is key. Only then can financial services firms can begin to develop a unified approach to data management and destruction, ensuring complete regulatory compliance in the years to come and taking real strides towards preventing financial cybercrime.
Sourced by Steve Inglessis, commercial director at DataRaze
The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate