Financial security — we hear this term all the time. Whether it is coming from our friends, family or financial adviser, the journey to financial security is at the center of our lives. We plan for it, save for it and even pay people to make sure we eventually get there.

Our advisers assure us that they have the right strategy, the best funds and the highest returns. However, in the moment of planning and worrying about our own financial security, do we ever ask our advisers, “What is your firm doing to keep my personal and financial information secure?”

The Financial Enterprise Threat Landscape

You might be thinking, “Why do I care if my financial firm is taking measures to secure my information? I just want them to make me money.”

While it is important for your adviser to make you money, it is equally important for your financial provider to not only protect you from monetary loss, but also to take measures to secure your entire financial record and other personally identifiable information.

According to IBM Security’s “2015 Cyber Security Intelligence Index,” the finance and insurance industries were the most-targeted industries in 2014. These industries are being specifically targeted by professional cybercriminal organizations — it’s not just some kid in a college dorm room trying to play around with your financial information.

The types of individuals who are trying to steal your information are part of large cybercriminal groups made up of hundreds of employees. IBM X-Force research has found that these organizations are extremely sophisticated.

They are using business analytics to determine what types of attacks work best against financial firms. Many times, they are selling criminal services on the Dark Web that customers can purchase illegally. These services even give buyers access to a 24/7 live support line to talk with a fellow cybercriminal to ensure the attacks they purchased were successful.

These cybercriminals don’t just do it for fun. The prices of the records they sell on the Dark Web are significant. Look at electronic health records (EHRs), for example: According to a 2014 report by the FBI, EHRs can sell for $50 per individual record on underground markets, and the price may climb higher depending on the owner or the information included.

The more the records have attached to them, the more they will sell for. Records that have Social Security numbers, addresses, medical data and financial information can go for a very high price on the underground market.

https://youtu.be/GDXbXqcliwU

Don’t Be Afraid of the Cloud

Many financial organizations hear the word cloud and immediately look the other way. Looking at security from a physical and virtual point of view, the cloud can be a great solution for financial institutions.

In my opinion, cloud has everything to do with the provider. Choosing a reputable provider that has a proven track record is important in making the decision to go with an enterprisewide cloud strategy.

Here are three security differentiators to focus on when choosing a cloud provider:

  1. Intelligence: Does your cloud provider offer a secure platform with built-in security intelligence and analytics?
  2. Integration: Does your cloud provider offer an open, integrated approach so your security products can work like an immune system, with seamless integration between multiple security products of different brands?
  3. Expertise: Does your cloud provider offer industry-leading expertise, with research teams, labs, patents and security operations centers to support your security strategy?

These three differentiators are pivotal to ensuring your cloud solution is scalable, reliable and secure.

A Secure Financial Enterprise Is a Competitive Advantage

Financial service providers don’t need to shy away from the cybersecurity challenges they face. They should embrace them!

Providing a secure financial platform for your employees and clients to conduct business on is an outstanding competitive advantage that your organization should be marketing to your clients.

Despite the advantage security brings, it’s not always easy to enact. ESG Research found that 83 percent of enterprises report having difficulty finding the security skills they need. But it’s essential to find a workaround to this skills gap because making an investment in securing not only your infrastructure, but also your people, applications and data can go a long way with both current and potential clients.

The Financial Firm Versus the Client

As the client of a financial firm, it is important that you ask your adviser what the firm is doing to protect your personal and financial information.

As the financial service provider, you have a responsibility to take proactive measures to prevent data breaches from happening, have the right technology to detect when they do happen and have the ability to respond appropriately in the event of a breach.

One of the greatest steps financial firms can take in showing they are serious about the client relationship is making a strategic investment in technology that protects their clients.
