With their access to sensitive customer information, banks and financial institutions are a prime target for cyber attackers – especially in today’s dynamic environment. With many employees working remotely during the pandemic, the attack surface has grown, making these institutions easier targets. According to Boston Consulting Group (BCG), financial services organizations were hit by cyberattacks 300 times more than other companies. Synack’s 2020 State of Compliance Report also finds that financial services is the most targeted industry for cyberattacks, with 150% more breach-worthy vulnerabilities than other industries. However, financial institutions that are shifting to a continuous cadence of security are seeing real success in increasing their resistance to cyberattacks by turning to crowdsourced security to harden assets, scale security teams, and gather actionable insights.
Financial Services customers who adopt a continuous approach to security testing have 32% higher Attacker Resistance Score metrics
In today’s volatile environment, with companies entirely remote, the increasing number of major security breaches highlights that running annual minimum compliance tests is not enough to secure your organization and customers. Most organizations, regardless of industry, place a breach at the top of their list of security concerns, according to new research by Synack. A continuous security testing cadence ensures that your security keeps pace with development. The elasticity of a crowdsourced security platform, purpose-built for remote working environments, enables organizations to augment their security teams, get continuous security coverage and high-quality insights, measure security progress, and integrate those results into developer workflows. The following key cybersecurity measures provide insight into security concerns and best practices in today’s evolving environment for organizations in the financial sector, as well as other industries:
Cybersecurity measures that financial organizations should consider:
- Phishing Prevention: The majority of phishing emails tend to be most successful during the first hour; a good reporting system can prevent future clicks by alerting the entire organization to a phishing attempt early on. Early education also helps curb phishing attempts. Prevention should be a priority.
- Crowdsourced Pen Test: According to a recent Synack survey within the banking and finance sector, 55% of respondents use a crowdsourced solution or bug bounty for security testing, and this number is growing.
- Monitor Systems: Banks and financial institutions should monitor and log employee access to sensitive information. The industry is highly regulated, and executives are faced with increased legal, compliance (GDPR, PCI), reputational, and financial repercussions of a breach.
- Malware Monitoring and Protection: Financial services organizations should monitor their systems for vulnerabilities that could lead to a botnet, DoS attack, or malware infection. It’s important to ensure adequate protection against these attacks by implementing anti-malware defenses.
WSJ Pro recently reported that $30.5 million in Equifax’s latest legal settlement will go to security measures, with $5.5 million dedicated to community banks and credit unions affected by the massive 2017 breach. As financial services organizations’ assets are large, complex and aging, a continuous security testing cadence ensures that your security keeps evolving ahead of the cyber criminals. Changing working environments within the financial services industry bring new risks but also new opportunities for staying ahead of potential cyberattacks.
Here’s our roundup of stories from around the web on financial services organizations’ shifting security needs: