November 10, 2016 By Larry Loeb 2 min read

Two-thirds of financial institutions that responded to a recent MetricStream Research survey indicated that they had experienced a cyberattack in the past year.

Financial Cybersecurity Threats Rising

The survey queried “C-level information security professionals” associated with 60 global financial services firms of various sizes and segments, including banking, insurance, asset management, diversified financials, investment services and foreign exchange services.

The survey suggested that insider threats continue to play a prominent role in the financial cybersecurity landscape. In fact, 48.5 percent of respondents reported that most cyberattacks were enabled by employees.

Where the Money Is

Cybercriminals love to target the financial industry because, quite simply, that’s where the money is. In response to this persistent threat, 91.2 percent of survey participants reported formally introducing cybersecurity into their enterprise risk management (ERM) program.

The specifics of the cybersecurity components in those ERM programs may need to change over time. The financial industry has its own particular security risks and regulatory frameworks to respond to them. Any security best practices evolve over time. so it’s a good idea to review them regularly as they apply to the institution.

For example, any evaluation of the risk management program should consider current information about the various threats that security professionals might find when they remediate an attack. It’s critical to know specifically what works and what doesn’t with respect to the institution’s situation.

Third-Party Protection

You don’t have to do all the heavy lifting in-house. Unsurprisingly, 70.6 percent of respondents reported that third parties played a role in their ongoing security efforts.

Security-as-a-service may be a very useful specialization for some organizations. Rather than being forced by necessity to build its own in-house expertise, a company can simply buy it as a package from a vendor and rely on round-the-clock servicing to protect their assets. They might need it, too: 55.9 percent of respondents reported an increase in attacks from previous years, while just 2.9 percent said that threats were decreasing.

Almost all agree that financial cybersecurity is a necessity in today’s world, but how those affected organizations go about achieving security is up in the air. Leveraging outside expertise and running risk management programs are only the tip of the iceberg.

More from

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today