Cyber attacks are becoming more frequent and more sophisticated in the current environment, with businesses in all sectors and governments around the world being targeted by cybercriminals looking to steal the information of individuals and access their finances.
However, one sector that is constantly in the sights of cybercriminals is the financial services sector, due to the value of the information it possesses and the availability of a quick financial gain for those who choose to make use of malware and other malicious software.
This, in some part, is down to the increased digitisation of financial institutions, as their reliance on information and communications technologies has grown dramatically. Many of these systems are becoming more and more complex over time and the volume of data being stored is growing exponentially, which can make it extremely difficult for financial institutions to control.
According to a report from the European Union, concerns are now growing over the increasing persistence, intensity and sophistication of IT-related risks, which include the dangers of cyber attacks.
Throughout the last 12 months, financial institutions and businesses operating within the financial services sector were hit by more cyber incidents than in previous years, with criminals attempting to target and exploit vulnerabilities within IT and security systems to access customer information.
Banks in particular have seen an increase in high-profile distributed denial of service (DDoS) attacks, as well as the destruction of information, disruption of their operations and espionage. With evidence pointing to a rise in the frequency of cyber attacks, there is a growing worry that their transmission throughout the interconnected IT systems will pose a systemic threat. Governments around the world have been attempting to prepare for such an occurrence. In the UK, Operation Waking Shark II was recently carried out to assess the readiness of financial institutions should a widespread attack take place. Results were positive, but some holes within the security systems and processes were highlighted.
IT spend must remain steady
According to the EU, the current cyber crime environment makes it imperative that IT systems and related internal controls are safeguarded against budgetary implications, so that they remain robust and continue to protect organisations that may be targeted.
The Joint Committee of the European Supervisory Authorities (ESAs) revealed that firms and supervisors within their industries must assess tech security and cyber resilience regularly, integrating these issues into their ongoing risk models.
The report noted that interaction with legacy or heterogeneous IT systems requires heightened attention, as a number of weaknesses - such as the inability to cope with the volume of use - have been identified. Of course, as businesses become more digitised, there is a growing need for IT systems to be agile and flexible to adapt to the organisation's future and regulatory requirements. However, the report noted that in some cases, the maintenance of existing infrastructures is not sufficiently addressed and needs to adapt quickly to the evolving threats posed to them.
The report noted: "Outsourced IT services or usage of dependency-on-cloud computing services also deserves attention, as well as IT security and concentration risks from hardware and software vendors."
Another concern highlighted by the report as a reason why IT budgets may be neglected is the rush to roll out new products - particularly in the mobile sphere - without carrying out sufficient testing.
Organisations within the financial services sector need to ensure the level of IT security and cyber resilience is adequate for the nature and conduct of the business. The report also indicated the need for IT security measures to be regularly assessed and evaluated by financial institutions and supervisors alike. Supervisors should factor the mitigation of cyber and IT risks into regular practices and risk.
By Gary Cooper