The financial industry relies on employing the latest digital services to enhance the customer experience, yet most small and medium-sized institutions aren’t prepared to handle the ensuing vulnerabilities and lack the necessary defenses – especially when the industry is one of the top five targeted by hackers. Ironically, the same technologies that are creating vulnerabilities in your environment are also making it easier, more efficient, and more cost-effective than ever before to protect your network.
Meet your customers where they are
Just as artificial intelligence (AI), Internet of Things (IoT), new server and mobile applications, application program interfaces (APIs), and cloud services are being used to engage with customers, they are also being used by security companies to protect your environment. New technologies with new benefits and new vulnerabilities will continue to emerge in the financial industry, and banks will continue to grow their online and mobile banking efforts.
In 2016, 62% of Americans cited digital banking as their primary method of banking, up from 51% in 2015. Additionally, a 2016 study conducted by the Mobile Money Report found that 61% of customers were using their mobile phones to bank, with one in two (48%) preferring to do so with apps.
The investing industry has also found that customers are demanding online services. Statista reports that 15.79 million customers were trading online in 2017 compared to 11.63 million in 2008. Dayana Yochim, a financial writer for The Motley Fool and NerdWallet, says most investors place their trades through an online brokerage account, and brokerage firms must pay more attention to delivering solutions.
To satisfy these needs, financial organizations are implementing technologies of various types, which often work in unison and share data with other banks and broker firms. Business Insider Intelligence research found that 46% of people between the ages of 18 and 22 see the ability to view all of their accounts in one mobile banking app as an important feature in choosing a bank.
Taking the bad with the good
To allow this sharing of information, developers use APIs, which are often a target of DDoS attacks. On the upside, APIs accelerate application development, create new revenue opportunities, and reduce IT costs. On the downside, APIs can be extremely vulnerable to attacks if security is not embedded throughout the network. The Open Web Application Security Project (OWASP), which publishes its annual “Top Ten” critical web app security risks, now has references to APIs in nine out of 10 of the top listed vulnerabilities. Although identity access management (IAM) is used to validate users interacting with the API, an attacker who breaks into an administrator’s systems could use the credentials of someone who has access to the API system to change the list of who can or can’t access it.
Another technology that is making it easy for attackers to break into networks is IoT. The financial industry is just beginning to recognize its various uses. For example, smart glasses can be used by banks to determine if a check is fake. A great benefit indeed, but if any IoT device has a vulnerability in it, it could become a gateway to your environment.
AI and machine learning (ML) have been adopted for a range of applications in the financial services industry. They are being used to assess credit quality, speed up lending decisions, and automate client interaction with systems like virtual assistants, which help customers make transactions or solve problems. In a PwC 2017 Digital IQ Survey, about half (52%) of those in the financial services industry said they’re currently making “substantial investments” in AI, and 66% said they expect to be making substantial investments in three years.
Although in the right hands AI can complete tasks in a fraction of the time it would take humans, threat actors can use the same intelligence to carry out attacks. The Malicious Use of Artificial Intelligence report, written by academic and industry cybersecurity experts, says, “We believe there is reason to expect attacks enabled by the growing use of AI to be especially effective, finely targeted, difficult to attribute, and likely to exploit vulnerabilities in AI systems.” The report predicts AI will expand existing threats by making it easier and cheaper to carry out cyberattacks and will introduce new threats as attackers exploit vulnerabilities in AI systems.
While there’s no way to block all attacks, these new technologies are being used by security-as-a-service providers to protect financial organizations. Security needs to be delivered in a way that is fast and scalable to keep pace with today’s cyberthreats.
One of the most cost-effective ways of obtaining visibility into all your technologies and securing any environment is working with a trusted third-party security provider. Security-as-a-service enables comprehensive protection of your total environment – from on-premises to the cloud. You don’t have to buy and manage expensive equipment like a Security Incident Event Management (SIEM) system, intrusion detection/prevention systems (IDS/IPS), or endpoint detection and response tools; instead, you leave this management and orchestration in the hands of your security-as-a-service provider.
For financial institutions of all sizes, security-as-a-service can deliver the automatic protection, detection, and remediation your organization needs to reduce the cost and the burden of managing security and compliance.