The financial industry’s increasing dependence on advanced technologies has two major implications. First, the financial companies that adopt these technologies are able to leverage new and improved services, solve legacy issues and introduce competitive differentiation as a result. Second, the increased complexity of these systems creates more potential weak spots for cybercriminals to exploit. It also drives up the cost required to adequately research, develop and deliver these advanced technologies and services to customers.

Managing these intricacies and associated risks is the key to improving the state of security in banking. A security leader’s main priority is to keep attackers from gaining entry to the organization’s IT ecosystem and wreaking havoc. With any breach, the potential for loss of data, trust and revenue is high, and it can dent overall reputation as well.

The regulatory bodies charged with keeping the industry secure are essential to prevent potentially unsafe expansion or activity. However, regulators are often unable to move fast enough when it comes to data protection.

Compliance Does Not Equal Security

While regulatory compliance is important, a compliant system is not necessarily a secure system. Those in charge of securing financial organizations should work with industry peers and IT partners to identify threats and establish holistic, risk-based approaches to dealing with them.

It’s also important to recognize the tension between the technical and business sides of the organization. Consider which tools must be implemented to address risk and comply with regulations in the context of the IT budget. All sides must be sensitive to each other’s concerns.

Keep Your Ear to the Ground

Computers and security systems have been developed to recognize, detect and prevent viruses, malware and other harmful pieces of software. While these systems are incredibly accurate, they are no longer enough. Security teams need more advanced systems that can learn to recognize patterns in data and identify subtle changes in attack code designed to evade traditional monitoring systems.

Banking organizations should ensure they have advanced analytical and interpretive powers overseeing all relevant data security events. These efforts will help detect and prioritize the threats that pose the greatest risk to the industry and specific organization, allowing security personnel to take effective action and identify the items that need immediate attention. This can be achieved either through in-house security technology deployment or by contracting a third party to manage the security monitoring for the business.

Get Your Head in the Cloud

Many leaders in the traditionally risk-averse finance industry are wary of the risks associated with cloud adoption. However, there is no reason why cloud should be any less secure than an on-premises data hub. It all depends on the organization’s security policies and regulatory requirements, and how these can be mapped to the cloud environment.

Cloud adoption can drive agility and reduce costs for banking institutions. It can also help improve protocols for security in banking. As threats in this area continue to escalate, a single bank can only see what happens inside its own network. But it can strengthen its defensive posture by collaborating with other banks, regulators and government agencies to understand the full threat picture.

Banks can also enable the exchange of relevant threat information and speed up defense capabilities by partnering with dedicated security services. A partner overseeing threats across the globe can, for example, warn a bank in Germany of an attack unfolding in Korea. This allows the German bank to get a jump on defensive preparations before attackers have a chance to strike.

The Future of Security in Banking

The future of security in banking lies in the development and adoption of advanced cognitive security functions. These systems can harness not just data, but also meaning, knowledge, process flows and progression of activity at a lightning-fast speed. Cognitive security can put banks ahead of threat actors in terms of speed, collaboration and access to data structures.

Cognitive technology enables security analysts to collect information rapidly and provides the support they need to thwart attacks before the damage is done. But shifting the balance of power requires a shift in the overall approach to security in banking. Banks must ensure their systems are more than compliant, become comfortable with cloud technologies and implement cognitive computing to keep up with the evolving threat landscape. The industry is not entirely there yet, but it’s facing the right direction.

For more on the state of security in banking, watch this IBM Masterclass video interview I did with The Banker, “Cybersecurity Beyond Compliance.”

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today