Financial gain is the primary driver for most cyber crime. Banks no longer solely exist as physical fortresses. They have also become online services so that the individuals can access and manage their finances digitally. But also, this makes it much easier for criminals too. As the cloud adoption accelerates, the target placed on the backs of financial organisations continues to grow.
Banking technology is a major part of this evolution. The advancements in technology have made calls for greater developments in online security for protect the evolving institutions. 70 percent of organizations hosting data in the public cloud have experienced a security incident. 20 percent of attacks in the financial sector are caused by internal, financially motivated attackers. Industries across the world are making the all-important move to the cloud. Financial institutions have joined the shift. These benefits can be easily and quickly unravelled.
Major weakness for financial institutions is their own supply chains. Criminals gain access to the bank’s network through any one of its suppliers. Financial institutions themselves can become weak points for other companies. Banks assist with business transactions such as importing and exporting goods. The recent SolarWinds attack is an example of what can happen when a supply chain is hit. These shows that the criminals are becoming more sophisticated in their techniques. The four key elements for financial institutions are plan, build, test and run.
Banks should remember that it is important to remember that a new environment demands a new security plan. Then, nothing should go live without being properly tested. And finally, using artificial intelligence (AI) and machine learning will not take the place of cognitive thinking. By automating processes, the banks will free up human workers. So that they can focus on more cognitively challenging tasks. Human intuition is as important as AI and machine learning.
Financial institutions, when developing the cyber resilience strategy must take into account all the infrastructure hygiene, physical security and identity management. IT teams should work closely with physical security teams to gain a business wide perspective. This could include incident response and forensics, penetration testing and application security and security research. Network access should be kept on a short and strict leash. Moving to the cloud should make day-to-day processes more efficient and facilitate flexible working. Banks and other financial institutions should always be prepared to meet the threat, because they will always remain at the centre of criminal activity.