We are becoming accustomed to seeing cyber-attacks on companies reported in the media. Large, multinational businesses including Apple, TalkTalk, Tesco Bank and Yahoo have found themselves in compromising situations, showing that any organisation, no matter how big or small, is vulnerable to cyber-attacks. Financial Services is an industry where the risks associated with a cyber-attack can be particularly high, and CISOs within the industry are increasingly finding themselves under pressure to prioritise the ways they manage these threats.
The importance of security awareness
Education is key to combating the rise of cyber threats. There is a significant lack of awareness about the different forms of security threats that exist today. Everyday activities and behaviours in financial services can create serious security risks. For example, simply by inserting a corrupted USB device in a computer, an individual has the potential to put both themselves and their company at risk from malicious cyber-activity.
Recent research from The Network Group Events, which surveys CISOs from some of Europe’s top financial institutions at its Financial Services Information Security Network, found that an overwhelming 62% of CISOs saw security awareness management as an investment priority to try to reduce the threat of a security breach.
More emphasis needs to be placed on improving security awareness for employees, both in smaller firms such as IFAs and brokers and in larger corporations. All too often, security breaches in banks and insurers, for example, are down to human error. If businesses can make their employees and customers better educated about cyber threats, providing them with knowledge of how to spot a malicious link, for example, it will reduce the threat of a cyber-attack within that organisation.
While many CISOs in financial services have been investing in technology to ensure that their own organisations are best protected from a security breach, the threat from third party relationships is still as prevalent as ever. Financial services firms have heavily invested in improving their own internal security systems in recent years - but all this hard work can become redundant if businesses do not address the threat posed through third parties.
Almost all businesses have, in some capacity, a relationship with a third party. It could be a supplier, an IT partner, an outsourcer or a strategic partner. Indeed, many companies will engage with all of the above, often managing multiple relationships. Interconnected organisations are common and there are significant commercial benefits - but third parties also carry a cyber risk. If they are hacked, your business could be exposed to the impacts of that breach. 61% of CISOs attending our Financial Services Information Security Network said they were focused on the threat of third party risk management as a key information security priority.
Furthermore, CISOs continue to prioritise the protection of personal or company data, particularly in the run-up to the implementation of EU GDPR. More than half (57%) of CISOs attending the Financial Services Information Security Network stated that data loss or data theft prevention was their main investment focus.
Looking to the future, as business becomes ever more digital and automated, the cyber threat will only increase. Whilst CISOs involved in financial services are continually evolving their approach to managing information security risks, our research clearly shows that, despite the challenges ahead, network security experts are divided on what areas to prioritise.
Whilst some threats are more prevalent than others at certain times, the essential task for CISOs in financial services remains the need to educate and convince their organisation and the key stakeholders about the need to take these threats seriously and to invest appropriately to protect their operations against the evolving cyber-threat.