3 security concerns for financial service providers in 2021
The financial sector has been a long-standing target for cybercriminals for a number of years.
Not only does it hold the financial details of millions of users but banks and financial organisations arguably hold more personal information than any other institution. Not only do these institutions have information on how much money you have or earn but also they can gain insight on how you spend or save this money.
The sheer amount of data that these organisations hold on each individual means that cybercriminals could obtain your money but also your identity.
What’s more, the past year has seen a multitude of industries navigate a global pandemic, and working from home has caused additional challenges for the sector.
When the UK went into its first lockdown back in March 2020, financial institutions moved swiftly to adjust their operations. But cybercriminals also worked rapidly to take advantage of the now remote workforce that created a feeding ground for online criminal activity.
As a result, credential and identity theft have skyrocketed in the past 12 months as cybercriminals looked to exploit vulnerabilities in personal firewalls and antiviruses; using malware attacks and ransomware to target users and obtain confidential information. While the global workforce looked to navigate the new remote working environment, cybercriminals have been trying to exploit it with a number of challenges currently facing the financial sector.
Credential theft on the rise
Credential theft, whereby a cybercriminal is able to obtain a victim’s proof of identity, is not a new threat to the financial industry. In fact, from the 2021 Verizon Data Breach Investigations Report, it is stated that credentials remain one of the most sought-after data types and also the fastest data point to compromise. While the threat itself may not be something new, the environment we find ourselves currently navigating is, and cybercriminals are using this to their advantage.
As the workforce rapidly shifted from being siloed to remote, many organisations had to roll out additional services and solutions to remain operational. However, these devices or services also gave cybercriminals additional entry points within their networks. With many organisations operating via cloud-based solutions, having access to these networks means that hackers can gain access to a multitude of sensitive data within minutes.
Alarmingly, the majority of credential theft is the result of targeted phishing or malware attacks. As many people reuse their passwords for a number of services, once a single password has been compromised they can then try to connect with another service or network. With people working remotely, educating staff on the importance of setting resilient passwords, isn’t on the agenda for many organisations and therefore leave them vulnerable due to this negligence.
Increased AI adoption
Artificial intelligence (AI) has been a technology that has been cementing itself within many sectors for a number of years. Due to its ability to carry out repetitive and arduous tasks, organisations are beginning to see the benefits from rolling out this technology with the financial sector also taking note. A report from Deloitte revealed that 30% of financial service organisations they describe as “frontrunners” are more adept when it comes to utilising AI; using the technology to enable them to increase revenue at a faster rate than their competitors.
What’s more, the report states that 45% of “frontrunners” invest US$5mn in AI initiatives with 70% planning to increase their spending within the next year. Yet, as AI continues to establish itself within the financial services sector, business leaders need to ensure that they have robust and resilient infrastructures in place.
With so much trust being placed on the AI to automatically manage, distribute and in some cases, duplicate data, these organisations need to ensure they have protocols in place if this technology is also targeted by hackers and cybercriminals.
Fintechs need cloud-based security
Technology is helping to solve many of the financial sector’s challenges and protect various institutions through advancements in the digital landscape. The evolution of cloud computing, which was traditionally valued for its cost-saving capabilities, is now invested in its enablement for future innovation.
Cloud-based technologies also allow financial institutions to implement critical cybersecurity measures that prove extremely difficult to penetrate including shielded logins, disconnecting the end-user environment, and Zero Trust Architecture (ZTA).
With many organisations still working remotely and as we seemingly emerge into a new era of hybrid working, financial service providers are undoubtedly going to be providing additional solutions for their workforces to remain efficient. However, with credential theft on the rise, we can see the vulnerabilities that these expanded ecosystems present when it comes to phishing and malware attacks.
Financial institutions can look to easily implement the offerings of cloud-based solutions via shielded logins to external partners they’re dealing with. Using an authentication service whereby the user’s logins are transported via the browser as a client, all other authentication processes are performed by backend systems.
This means an extra layer of protection is provided when coordinating third-party involvement. Additional processes in the cloud can be implemented for further security, such as dynamically generated, unique passwords and tokens that the service provider does not store, so that the login information to applications remains hidden for all other users.
More and more organisations are also embracing Zero Trust Architectures aimed at protecting modern businesses from security threats by removing the “trust” from an organisation’s network.
As a result, many are utilising identity and rights management systems powered by blockchain technology to bolster the level of security for these organisations. Using these systems, users gain self-determination over their data by means of digital authorization chains meaning it is always traceable who has accessed which data or systems when and with which authorisations and where these authorisations originate from.
Remote workforces and data security
The past year has forced a number of sectors to rethink the way in which they operate. As remote working looks to remain on the agenda for many financial service providers, it’s imperative that they consider the sensitive nature of the data that they hold.
Additionally, with many cyber-attacks being the result of phishing or malware incidents, organisations need to first educate their staff on the importance of vigilance around protecting their credentials whilst also ensuring that they roll out the right technologies that can combat these kinds of phishing attacks. Innovative cloud-based solutions can offer a solution.
Implementing end-to-end cloud security systems provide simple yet highly effective barriers to intrusion. Sensitive data cannot afford to wait therefore investing in secure cloud solutions now will ensure the safety of your organisation’s future.
Check Point: Securing the future of enterprise IT
Cybersecurity solutions provider Check Point was founded in 1993 with a mission to secure ‘everything,’ and that includes the cloud. Conscious that nothing remains static in the digital world, the company prides itself on an ability to integrate new technology with its solutions. Across almost three decades in operation, Check Point, with its team of over 3,500 experts, has become adept at protecting networks, endpoints, mobile, IoT, and cloud.
“The pandemic has been somewhat of an accelerator in the evolution of cyber risk,” explains Erez Yarkoni, Global VP for Cloud Business. “We had remote workers and cloud adoption a long time beforehand, but now the volume and surface area is far greater.” Formerly a CIO for several big-name telcos before joining Check Point in 2019, Yarkoni considers the cloud to be “part of [his] heritage” and one of modern IT’s most valuable tools.
Check Point has three important ‘product families’, Quantum, CloudGuard, and Harmony, with each one providing another layer of holistic IT protection:
- Quantum: secures enterprise networks from sophisticated cyber attacks
- CloudGuard: acts as a scalable and unified cloud-native security platform for the protection of any cloud
- Harmony: protects remote users and devices from cyber threats that might compromise organisational data
However, more than just providing security, Yarkoni emphasises the need for software to be proactive and minimise the possibility of threats in the first instance. This is something Check Point assuredly delivers, “the industry recognises that preventing, not just detecting, is crucial. Check Point has one platform that gives customers the end-to-end cover they need; they don't have to go anywhere else. That level of threat prevention capability is core to our DNA and across all three product lines.”
In many ways, Check Point’s solutions’ capabilities have actually converged to meet the exact working requirements of contemporary enterprise IT. As more companies embark on their own digital transformation journeys in the wake of COVID-19, the inevitability of unforeseen threats increases, which also makes forming security-based partnerships essential. Healthcare of Ontario Pension Plan (HOOPP) sought out Check Point for this very reason when it was in the process of selecting Microsoft Azure as its cloud provider. “Let's be clear: Azure is a secure cloud, but when you operate in a cloud you need several layers of security and governance to prevent mistakes from becoming risks,” Yarkoni clarifies.
The partnership is a distinctly three-way split, with each bringing its own core expertise and competencies. More than that, Check Point, HOOPP and Microsoft are all invested in deepening their understanding of each other at an engineering and developmental level. “Both of our organisations (Check Point and Microsoft) are customer-obsessed: we look at the problem from the eyes of the customer and ask, ‘Are we creating value?’” That kind of focus is proving to be invaluable in the digital era, when the challenges and threats of tomorrow remain unpredictable. In this climate, only the best protected will survive and Check Point is standing by, ready to help.
“HOOPP is an amazing organisation,” concludes Yarkoni. “For us to be successful with a customer and be selected as a partner is actually a badge of honor. It says, ‘We passed a very intense and in-depth inspection by very smart people,’ and for me that’s the best thing about working with organisations like HOOPP.”