Policymakers and regulators around the world have pointed to cyber threats from criminal and state actors as an increasing threat to financial stability. Last month, US Treasury Secretary Janet Yellen – along with finance ministers and central bank chiefs from the Group of Seven nations – conducted an exercise covering how G7 members will seek to cooperate in the hypothetical event of a significant, cross-border incident affecting the financial sector.
by Fabien Rech, EMEA Vice President, McAfee
Such concerns are widespread, with 80% of UK IT professionals anticipating a moderate or even substantial impact from increased demand for their services or products this holiday season. The extra demand is compounded by the reduced size of teams and greater online activity. With cyber threats to the financial industry front of mind, and organisations across the sector coming under scrutiny as to whether they are doing enough to protect themselves, this year’s peak season – and subsequent rise in online activity – is cause for concern.
While this paints a bleak picture, organisations can be proactive in defending their networks, data, customers, and employees, against the anticipated increase in holiday cybercrime by implementing certain security measures.
Using technology to bolster teams
Demand for cybersecurity is surging, and today there are a number of technologies that can help to bolster security measures, providing additional support for often stretched security teams. Threat intelligence can offer unique visibility into online dangers such as botnets, worms, DNS attacks, and even advanced persistent threats, protecting financial services (FS) organisations against cyberthreats across all vectors, including file, web, message, and network.
In addition, taking a Zero Trust approach to security enforces granular, adaptive, and context-aware policies for providing secure and seamless Zero Trust access to private applications hosted across clouds and corporate data centres, from any remote location and device. This will be particularly useful as more employees choose to work remotely.
Prioritising employee awareness
Beyond technologies, the adoption of an awareness-first approach is vital. Proactive cybersecurity awareness training for all employees – not just those in the security team – is essential, especially when encountering holiday phishing emails. As the cyber threat is always evolving, so too must organisations – ensuring that their team’s knowledge and ability to identify, avoid and negate those threats also grow in turn.
This awareness-first strategy requires leaders to move away from a ‘breach of the month’ approach and instead use proactive training measures to build security into the fabric of their organisation, breaking down silos of threat and information intelligence across the business, so that all employees are aware of how they can contribute to the battle against cyberthreats during the peak period and beyond.
Some banks are already taking a proactive approach to testing employee understanding when it comes to cybersecurity, for example, resistance to spam or phishing emails, and knowing not to plug unknown USB keys into their laptop. If employees don’t appear to have sufficient knowledge of threats and best practices, they will automatically be required to take part in further training.
Other key steps to take in this proactive approach include increasing the frequency (and testing) of software updates, boosting the number of internal IT-related communications to keep everybody informed, and implementing new software solutions with due diligence.
Implementing a response plan
It’s also important to recognise that protective measures might not work 100% of the time. As hackers become ever more sophisticated, it’s vital for FS organisations to design a holistic, clearly communicable plan for if (and when) things do go wrong.
Developing a robust incident response plan could mean the difference between being able to respond to and remedy a security breach in minutes rather than hours, ensuring the least amount of downtime possible. When asked, 43% of businesses reported suffering from downtime due to a cyber concern in the last 18 months – for 80% this happened during peak season, and it lasted more than 12 hours for almost a quarter (23%).
Again here, training forms a big part – making sure employees know what to do and who to inform when an incident does occur is at the heart of any effective response plan, as is encouraging a culture of honesty and transparency. An organisation in which employees are wary of acknowledging a mistake or informing someone of a possible accidental breach is not a secure one.
The year is full of challenging peak periods, from the public holidays at the end of the year to summer vacations and various religious/spiritual holidays. The need for vigilance has never been greater or more constant, and financial services organisations, in particular, have a need to protect the data and money of their customers, as well as the resilience of their own organisations.
By using technology, training, and incident response awareness, leaders in the sector can help to bolster teams against the increasing sophistication of cyberthreats, staying safe while staying connected. The peak season offers unique challenges, but ultimately the goal is to develop a resilient and adaptable organisation that can ensure security year-round, allowing employees to thrive wherever they choose to work, without having to worry about threats.