Security threats and data breaches in the financial services industry are prompting organizations to increasingly synchronize their security and privacy practices. According to the Cyber Security in Financial Services report by VMware’s Carbon Black group, the industry is subjected to the highest rates of attack of any vertical, and is the source of one-third of all data breaches.
At the same time, the rapid shift to remote work, accelerated by the COVID-19 pandemic, has driven the need for digital transformation. Security and IT teams are working tirelessly to meet company objectives and to stay ahead of new threats, like those that have come from employees working from home where security is likely not as robust as in the office.
To seize the opportunities triggered by cultural and technological shifts of our times, financial institutions (FIs) are turning to cloud computing to help them address these strategic needs while also embracing a more strategic approach to security.
However, simply moving to the cloud is not enough. There are many challenges and obstacles to overcome, particularly as cybercriminals become wiser and continue to target FIs. As such, these organizations often find themselves turning to a third party to help ensure their cloud migration is done with security and compliance in mind.
What makes FIs a favorite prey
The high value of personally identifiable information (PII) that FIs hold makes them an attractive target for cybercriminals. From home addresses to Social Security numbers to details like account routing numbers, it’s easy to understand why banks and credit unions cannot afford to let their guard down. The PII that FIs collect, store and process can be used for identity theft and phishing attacks. Plus, this data provides criminals a direct path for accessing the financial assets of customers and members.
The 2019 Data Risk Report by Varonis shows that FIs averaged 352,771 exposed, sensitive files. In comparison, the runner-up segment in this narrative, Healthcare, Pharma and Biotech, averaged 113,491 exposed, sensitive files – less than one-third of FIs. And that was pre-pandemic.
From February 2020 to April 2020 alone, VMware Carbon Black’s Modern Bank Heists 3.0 report reveals that cyberattacks against the financial sector increased a whopping 238%. The annual study, which takes the pulse of some of the industry’s top chief information security officers (CISOs) and security leaders, also found that ransomware attacks against the financial sector increased ninefold during the same timeframe.
It’s no wonder, since many FIs, a notoriously conservative group, found themselves rapidly and unexpectedly rolling out solutions that included adopting new technology – making the industry a perfect target for cybercriminals. For instance, increased deployment of, and reliance on, digital channels led to a spike in online banking traffic. At the same time, larger volumes of remote employees found themselves suddenly working on laptops that FIs quickly purchased, prepped and shipped to their staff earlier this year. And since many homes lack the secure infrastructure that comes with working in-office, PII has become an easier target for cybercriminals.
Cloud, done right, improves security
As such, FIs are rethinking their stance on the cloud. Cloud computing allows companies to take cybersecurity infrastructure digital without a need for hardware or office facilities. With the right resources, the cloud can also provide greater data security, regulatory compliance, flexibility and support. And because it often creates separate access points for different resources, the cloud helps mitigate cyberattacks by limiting them to a smaller resource area since data no longer resides in a server room.
However, most cloud-based technology is provided by fintechs who leverage cloud platforms like Amazon Web Services (AWS) or Microsoft Azure – both of which are easily deployed and integrate platform-related security measures. But they aren’t necessarily familiar with the financial services space. Therefore, FIs looking to migrate to the cloud should thoroughly examine the cybersecurity that these providers offer.
“AWS/Azure is easy from a deployment perspective, but how do we monitor these platforms for cybersecurity? A lot of these tools are open source, but these tools might not be fully vetted,” said one FI CISO who was interviewed for The Cloud on the Horizon, a Cornerstone Horizons’ report on how cloud computing is bringing new cybersecurity concerns to financial services.
Finding the right technology help
Cloud aside, FIs are already challenged to simultaneously manage various applications and platforms used to run the business. They have the regulatory obligation to protect themselves along with the data of their retail and business account holders. But resource constraints, such as having limited staff, often render FIs ill-equipped to detect cyber threats. It’s like trying to plug a dam full of leaks with the fingers on your hand. Therefore, outside cybersecurity help is often needed, particularly since attacks by bad actors have risen sharply this year.
FIs should do their due diligence to determine whether to partner with a vendor that’s experienced in providing cybersecurity in the banking and credit union space: although the operational, development, deployment and monitoring models might change when transitioning to the cloud, the need to monitor for security vulnerabilities and to ensure regulatory compliance does not.
A third-party platform is often an integral extension of a financial institution’s security team, as it can provide services like penetration testing, user access management and aggregation of each and every log – 24 hours a day, seven days a week.
“The importance of keeping our account holders’ PII safe is critical to our business – before and after we went to the cloud,” said Thomas Hill, CISO for Live Oak Bank. “The value of the DefenseStorm cybersecurity and cyber-compliance solution to our operations has been invaluable.”
Additionally, banks and credit unions should ensure that any technology provider they choose will collaborate with other vendors. For instance, the cybersecurity provider should be willing to share pertinent information with an FI’s managed service provider – and vice versa.
When searching for any technology partner, FIs should also look beyond the immediate benefits that solve a particular problem. They should know how that partner integrates into their overall security strategy and that it will provide data in a usable format that’s easy to monitor.
See you in the cloud
Although many of the larger and more progressive mid-sized financial institutions have already transitioned to the cloud, some of the smaller ones remain hesitant. They might have adopted cloud-based office productivity tools such as Office 365 but have yet to adopt the cloud for core services to support their members and customers.
But cybersecurity threats and out-and-out cybersecurity attacks are not going away. They have worsened, especially during the pandemic.
With the right resources, such as a sound cybersecurity solution provider, a move to the cloud – regardless of an FI’s size – can also provide greater data security, regulatory compliance, flexibility and support. A third-party vendor that can ensure round-the-clock security and compliance is a crucial part of a safe move to the cloud.
Way back when – in the 1990s – most banks and credit unions said they would never allow their account holders to gain access to their accounts via the internet. Years later, they wondered, “Why didn’t we do this sooner?”
It seems like we’re headed down a similar path with the cloud. With the right cybersecurity partner by their side, financial services providers are going to realize the benefits cloud computing enables and will likely look back and wonder, “Why didn’t we do this sooner?”