Cybersecurity attacks are top priority for IT professionals — ransomware, spyware, Trojans and phishing efforts continue to rise even as security pros develop new ways to combat evolving threats. For finance leaders, it's often tempting to consider cyberdefense a "technology problem" and focus on the performance, rather than protection, of online financial services. But with consumers now demanding anytime, anywhere access to financial transactions and mobile-native finance apps necessary for any forward-thinking financial institution, it's no surprise that financial cyberrisks are also on the rise.
As noted by TheHill.com, "While the modern interconnectivity of our banks and financial firms offers tremendous opportunities, it creates tremendous risks, as well." According to ComputerWeekly.com, in fact, the average firm loses more than $900,000 for every cybersecurity incident. More worrisome? That seemingly isolated cyberattacks could have systemic, global repercussions.
Technological Tripping Hazard?
There's no doubt that advanced application and network technologies have benefited financial institutions. By allowing customers to complete service actions online rather than in-person, businesses are able to both increase overall satisfaction and reduce total overhead. In addition, big data offers the promise of real time, actionable insights with the right analytic solutions in place. But it's not all good news. The Business Times reports that Ravi Menon, director of the Monetary Authority of Singapore, as saying, "As more financial services are delivered over the Internet, there will be growing security and privacy concerns from cyberthreats."
The most common threat vector? Cybercriminals breaching databases to steal consumer information, then leveraging this data for ID theft or selling it for profit on the Dark web. Third-party POS terminals are a popular compromise vector here, since they allow lateral entry into payment networks, which hackers then parlay into full-fledged database access. Menon also points to potential problems with so-called "robo-advisors," software algorithms that recommend investment opportunities based on customer history, current market forces and acceptable risk levels. If cybersecurity attacks were carried out on these robo-advisers, it's possible for investors to lose millions — or billions — before any evidence of wrongdoing was uncovered.
In addition, there's the unknown risk of "runaway algorithms." If robo-advisers suddenly start making bad decisions thanks to programming flaws, it could lead to a systemic event where other advisers begin making odd choices to compensate for the original error. What's more, algorithms tend to encourage cyclicality in transactions and decision-making, meaning its hard to predict their impact on the market at large.
So how do finance leaders reduce the risk of cybersecurity attacks on their own network and defend against systemic threats at large? It starts with a recognition that finance is now inherently linked with IT — the need for mobile applications and on-demand transactions means that finance executives and IT pros must work together to develop effective defense and remediation strategies.
In more practical terms, this means deploying tools which actively protect the data of employees and consumers on your local network. Look for proactive, cloud-based solutions capable of defending data cross-platform and cross-device while still allowing access to verified consumers and admins. Consider the potential problem of robo-advisers. Mitigate their risk with cloud solutions that actively track their decision-making in real time along with incoming and outgoing traffic, then provide instant alerts to IT teams if something doesn't add up. This provides an extra layer of human oversight to shut down or reconfigure automated systems before things get out of hand.
But it's not enough just to safeguard your network — you also need to consider the role of any partner organizations handling employee or consumer data. As noted above, POS distributors are one potential weakness, as are third-party payment processors or credit-checking firms. Best bet? Put security expectations in writing. Make it clear that partners must adopt the same (or equivalent) type of proactive monitoring and response tools if they process, store or transmit any of your financial data.
Cybersecurity attacks are on the rise, and financial data is a priority target for hackers. Stay safe by recognizing your risk and building in proactive solutions to detect, report and remediate potential threats.
Stay up-to-date on the latest human capital management insights for finance leaders: subscribe to our monthly e-newsletter.
SIGN UP FOR THE BOOST NEWSLETTER