
Cybersecurity For Financial Institutions - Risks for 2023

John Galt

Updated: December 27, 2022


EDITOR'S NOTE: The article you’re about to read discusses the cybersecurity threats that are likely to “plague” the financial landscape in 2023. The problem with this description is that plagues are often temporary events. The cybersecurity landscape is not a territory subject to plagues but instead is a perpetually escalating theater of digital war. Financial security is seemingly becoming scarce as malicious cyber-pirates threaten financial infrastructure, so it seems. Or is it now just a thinly veiled notion? Any form of protection is necessarily short-term, as an escalation in this theater is a permanent condition. So, what’s in store for 2023? Here’s what some analysts are predicting.

Hackers, social engineering fraudsters, human error and customers who are just plain careless with credentials are all security threats that banks and credit unions must take into account. Prevention requires an in-depth, multiyear strategic plan, not a short-term, quarter-to-quarter focus that leads only to reactive, merely tactical solutions.

Security breaches have become one of the biggest threats to financial institutions.

Remote working, cloud computing and the current geopolitical climate have all played a part, but older forms of infiltration also continue. For example, recent years have seen a sixfold increase in malicious emails designed to trick people into giving away login credentials, a type of attack known as “social engineering.”

Banks should be the safest place for people’s money. Indeed, they have a fiduciary responsibility to proactively mitigate and manage risk for account holders. Unfortunately, bank and credit union executives often don’t understand how severe the problem is. Data at risk leads to identity theft and funds stolen electronically. Ultimately, reputations erode.

Outlined here are some of the top threats that lie ahead and what approaches we’re seeing to address this.

How Cybercrime Is Hitting Banking Today

We believe financial institutions will place a heavy emphasis on implementing “passwordless” solutions with a requirement of multi-factor authentication (MFA). A 2021 Forrester survey noted that 67% of corporate leaders were in the process of adopting passwordless authentication for their employees and partners, a trend we think will — and should — continue in banking.

With the adoption of cloud computing and hybrid environments, we will see an urgent need to implement Secure Access Service Edge (SASE) solutions.

Tech Improvement Breeds Exposure:

Because most companies started with on-premise equipment and have moved apps, workloads and storage to the cloud, the attack surface has increased exponentially.

 

This in turn has created less visibility into the internet environment, eliminating the “secure perimeter,” creating more complexity, and requiring the purchase and configuration of additional forms of protection.

The more complex an environment, the more human error we see. Put simply, SASE methods push security onto the cloud.

In coming years, artificial intelligence and machine learning will continue to be major factors in cybersecurity for the financial services industry. We’ve started to see this already in some cutting-edge security products that are coming to market — “good bots” pitted against “bad bots,” for example.

Automation is another big factor — both as risk and benefit — as banks and credit unions move to automate everything they can. We will start to see more low-code and codeless platforms which aim to make financial institutions more efficient while cutting down on human error.

Where Cyberthreats to Banks and Credit Unions Arise

How can financial institutions do more to prevent cybercrime? First, they need to be aware that this is a long-haul process — and must plan for it. Improving cybersecurity is a journey, not a sprint. An in-depth, multiyear strategic plan is called for, not a short-term, quarter-to-quarter focus that leads only to reactive, merely tactical solutions.

Budget Cutbacks Undermine Cybersecurity:

Even when strategic plans are developed, they are often undercut by midyear budget cuts and executive churn that stymie progress.

 

Firms need to understand and assess the range of risks they face, starting with internal threats. Errors and mistakes that compromise security happen frequently, and steps need to be taken to better safeguard against them. Whether they take place in the office or remotely, malicious acts by employees and contractors are also a significant risk.

External threats come from a mix of technology and people. Human hackers and automated bots alike constantly probe systems looking for vulnerabilities. Customers represent the riskiest component in the entire threat ecosystem because their lack of care and precaution introduces significant vulnerabilities. Examples include logging on through open internet connections, using predictable passwords, and failing to update their security credentials.

“Social engineering” continues to represent a significant security threat. Cybercriminals rely increasingly on psychological manipulation, rather than technology, and they target both employees and customers.

Phishing emails employ psychological manipulation techniques to fool the recipient into opening a link or attachment that contains malicious software. Some prey on people’s fears, anxieties or emotions, causing them to lower their defenses and let a hacker into their system. Others invoke a sense of scarcity or urgency to goad a victim into acting quickly without thinking.

A Broad Plan of Attack on Cyberthreats

Financial services organizations need to improve their processes, engineering and technology to protect against these risks. Systems reliability engineering needs to be improved, if only because — despite the many concerns about hackers and other nefarious actors — only 6% of all failures at major banks are caused by external forces. Most system availability problems occur because of bad change processes, poor software, deployment issues, incorrect specifications, and other issues.

Security can be improved through several means, but multiple layers of protection are called for. Passwordless logins that use biometrics and tokenization provide login protection that is more secure than passwords.

Behavioral analysis and pattern recognition are also powerful tools to improve cybersecurity — building customer profiles makes aberrant or fraudulent behavior easier to detect so that, for example, credit card charges that are outside the cardholder’s usual activity can be declined.

 

Originally published by The Financial Brand
