Industry Update: Securing the Financial Enterprise

Financial security — we hear this term all the time. Whether it is coming from our friends, family or financial adviser, the journey to financial security is at the center of our lives. We plan for it, save for it and even pay people to make sure we eventually get there.

Our advisers assure us that they have the right strategy, the best funds and the highest returns. However, in the moment of planning and worrying about our own financial security, do we ever ask our advisers, “What is your firm doing to keep my personal and financial information secure?”

The Financial Enterprise Threat Landscape

You might be thinking, “Why do I care if my financial firm is taking measures to secure my information? I just want them to make me money.”

While it is important for your adviser to make you money, it is equally important for your financial provider to not only protect you from monetary loss, but also to take measures to secure your entire financial record and other personally identifiable information.

According to IBM Security’s “2015 Cyber Security Intelligence Index,” the finance and insurance industries were the most-targeted industries in 2014. These industries are being specifically targeted by professional cybercriminal organizations — it’s not just some kid in a college dorm room trying to play around with your financial information.

The types of individuals who are trying to steal your information are part of large cybercriminal groups made up of hundreds of employees. IBM X-Force research has found that these organizations are extremely sophisticated.

They use business analytics to determine which types of attacks work best against financial firms. Many times, they sell criminal services on the Dark Web that customers can purchase illegally. These services even give buyers access to a 24/7 live support line, where they can talk with a fellow cybercriminal to ensure the attacks they purchased were successful.

These cybercriminals don’t just do it for fun. The prices of the records they sell on the Dark Web are significant. Look at electronic health records (EHRs), for example: According to a 2014 report by the FBI, EHRs can sell for $50 per individual record on underground markets, and the price may climb higher depending on the owner or the information included.

The more the records have attached to them, the more they will sell for. Records that have Social Security numbers, addresses, medical data and financial information can go for a very high price on the underground market.

Don’t Be Afraid of the Cloud

Many financial organizations hear the word “cloud” and immediately look the other way. Yet from both a physical and a virtual security point of view, the cloud can be a great solution for financial institutions.

In my opinion, cloud has everything to do with the provider. Choosing a reputable provider that has a proven track record is important in making the decision to go with an enterprisewide cloud strategy.

Here are three security differentiators to focus on when choosing a cloud provider:

  1. Intelligence: Does your cloud provider offer a secure platform with built-in security intelligence and analytics?
  2. Integration: Does your cloud provider offer an open, integrated approach so your security products can work like an immune system, with seamless integration between multiple security products of different brands?
  3. Expertise: Does your cloud provider offer industry-leading expertise, with research teams, labs, patents and security operations centers to support your security strategy?

These three differentiators are pivotal to ensuring your cloud solution is scalable, reliable and secure.

A Secure Financial Enterprise Is a Competitive Advantage

Financial service providers don’t need to shy away from the cybersecurity challenges they face. They should embrace them!

Providing a secure financial platform for your employees and clients to conduct business on is an outstanding competitive advantage that your organization should be marketing to your clients.

Despite the advantage security brings, it’s not always easy to enact. ESG Research found that 83 percent of enterprises report having difficulty finding the security skills they need. But it’s essential to find a workaround to this skills gap because making an investment in securing not only your infrastructure, but also your people, applications and data can go a long way with both current and potential clients.

The Financial Firm Versus the Client

As the client of a financial firm, it is important that you ask your adviser what the firm is doing to protect your personal and financial information.

As the financial service provider, you have a responsibility to take proactive measures to prevent data breaches from happening, have the right technology to detect when they do happen and have the ability to respond appropriately in the event of a breach.

One of the greatest steps financial firms can take in showing they are serious about the client relationship is making a strategic investment in technology that protects their clients.

Kevin G. Joseph

Cybersecurity Strategist, IBM

Kevin Joseph is an IBM Cybersecurity Strategist serving the Great Lakes Region of the United States. He is focused on delivering client value to corporate executives through business level discussions.