Financial services biggest target for cyber attack in 2018. Best defense: education, innovation, and risk-management
Eighty-five percent of IT managers in the financial services sector say their biggest technology threat in 2018 is an online attack from cybercriminals — the most notable impact being on existing systems. Fraud incidents, alone, have increased more than 130 percent during the past year. In an October 2017 study on the cost of cyber crime conducted by the Ponemon Institute, as a direct result of cyber attacks,
“Whether managing incidents themselves or spending to recover from the disruption to the business and customers, organizations are investing on an unprecedented scale — but current spending priorities show that much of this is misdirected toward security capabilities that fail to deliver the greatest efficiency and effectiveness.” And, as attacks are on the rise, attackers are upping their game. “Criminals are evolving new business models, such as ransomware-as-a-service, which mean that attackers are finding it easier to scale cyber crime globally.”
And new threats are now. Since only after the new year, companies are scrambling with the latest warning “that hackers could take advantage of flaws discovered in chips made by Intel, AMD and ARM, which could affect nearly all computers and smartphones.”
There is no “one-size-fits-all” method for companies to follow to be cyber-secure, says Stephen Martin, director-general at the Institute of Directors in London.
He adds, “Shareholders are likely to interrogate boards more frequently on their cyber diligence and will hold them to account for failure.”
- There needs to be a better balance when investing in security technologies toward higher-value tech.
- Compliance (regarding governance, risk, and compliance (GRC) technologies) is not enough of a solution to increased security.
- Innovation is key, generating highest returns on investment, yet investment in them is low.
Three steps to stave off cyber crime:
- Build cybersecurity on a strong foundation: Education goes a long way. Provide continuous security education to key personnel in the line of attack including training on cybersecurity trends and threats and regular reviews of authentication and security controls. Run cybersecurity drills to keep your team on their toes. Invest in what we know works —security intelligence and advanced access management — but be adaptive and flexible enough to always innovate to stay ahead of hackers. Truly understand your data and map assets. “Not all information is critical or confidential. To best prioritize data protection needs,
Once data is evaluated and ranked, it is also important to know where the data lives and how it can be accessed. This might seem like common sense, but a recent EY study found that
- Undertake extreme pressure testing: Evaluate your existing risk and resolve vulnerabilities.“To understand the real exposure of each vulnerability, roll up the risk chain and assess the business, strategic and also operational impacts resulting from a data breach.” And the best defense is a good offense: “
- Invest in breakthrough innovation: Effectively use new technologies, specifically analytics and artificial intelligence, for
And patching and updating protections to ward off ransomware will make a critical difference.
It’s impossible to completely prevent a breach from occurring, but proactively taking steps to ensure a company is prepared from the top-down to mitigate an attack and manage its impact is the key to reducing company-wide costs and stress.
| created by opinov8 team