The Covid-19 pandemic exposed many faults in current approaches to cyber security in financial services. While 2020 and 2021 have been the worst years to date for cybercrime in all industries, banking and finance have been hit the hardest.
This is partly because the financial technology sector was forced to adapt and evolve at an unprecedented rate as in-person transactions were no longer possible. A report by the Financial Stability Institute found that in March 2020 alone, ransomware attacks increased by 148%, with the finance sector being the top target. This figure keeps rising; according to the 2021 Covid Crime Index report, 74% of financial institutions in the UK and US have experienced losses due to pandemic-related cybercrime, and 77% of them are worried about future attacks.
Cyber security and cyber risk management in the financial sector are multidimensional, even more so with emerging trends in online banking. Many financial institutions experienced cuts of 26% to IT security, fraud and cyber risk funding, resulting in greater vulnerabilities.
At a time when the finance sector is particularly appealing to hackers, companies need to take advantage of the new fintech security solutions. In this article, we look at 10 ways to improve cyber security and develop an effective cyber security strategy for financial services.
Impact of cybercrime on financial institutions - BAE Systems Covid crime index report 2021
1. Keep your IT infrastructure safe and up to date
Due to the growing complexity of cybercrimes and the cost of effective solutions, many organisations struggle to keep up with basic cyber security principles, which are key for data protection. Financial businesses are often vulnerable to cyber attacks because they rely on legacy systems.
The first step to preventing attacks is keeping the company’s IT infrastructure and operating systems up to date. This includes deleting outdated software and complying with reliable information security management frameworks such as ISO 27001. A secure cloud service for backup and recovery is also essential to protect sensitive information in case of cyber attacks.
2. Implement cyber security training for employees
A recent research report by Mobile Mentor, investigating employee behaviour in the American and Australian financial industry, revealed that at least one third of workers keep their passwords in a journal. A further 46% of respondents said they allow family members to use work devices for personal purposes.
While the report also found that respondents from the financial industry were by far the most cyber-aware compared to other industries, there is a need to educate finance workers about cyber security.
Investing in a continuing professional development (CPD) course is a great way to ensure employees are aware of cyber threats and stay up to date, especially as most breaches are caused by human error. Remote workers in particular can be more vulnerable to phishing, compromised passwords and weak network security, so knowledge is key.
3. Invest in better fintech ID security solutions
Since the start of the Covid-19 pandemic, identity theft has been on the rise and online retailers have lost significant amounts of money. Online banking security measures, such as one-time SMS PINs (OTPs) and knowledge-based authentication (KBA), are no longer enough to stop hackers.
Digital technologies are moving towards a passwordless future: facial biometrics is proving to be a valuable tool to prevent hacking, with an ever-expanding range of solutions on the market.
4. Implement better endpoint security solutions
In the era of online banking, anything from an ATM to a laptop or a smartphone can be an endpoint connecting to enterprise networks. As people began relying more on their personal devices for financial operations during the Covid-19 pandemic, cybercrime targeting endpoint ecosystems has increased by 500%.
Implementing strong endpoint security, for example through software as a service (SaaS) solutions, protects business and customers’ data from malware and other types of cyber attacks.
SaaS-based endpoint security protects businesses on a bigger scale than traditional antivirus solutions, enabling better security across multiple endpoints, including mobile and remote devices.
5. Develop a business-wide cyber security strategy
Different organisations face different challenges when it comes to cyber security, and IT departments need to communicate with all employees to implement an effective business-wide strategy.
While compliance with frameworks is essential, businesses offering financial services need to shift to a risk-centric approach that ensures operational resilience. Password management is paramount, especially for remote workers. Employers should ensure password complexity and mandatory password changes, as well as provide secure password management tools where possible.
Further aspects to think about when developing an effective cyber security strategy include:
- Built-in data encryption across all applications
- Flexible access management
- Remote browser isolation to protect users from web-borne threats
Working with technology consultants can also be a great way to improve internal cyber security policies and ensure confidential information is protected.
6. Focus on data integrity and data security rather than just systems
Using the correct tools to maintain data integrity is essential to avoid breaches and hefty fines in a landscape of ever-changing regulations.
Most enterprises rely on multiple separate applications and services to manage customer data, employees and vendors. In addition, they often need to access customer data from mainframe applications which, albeit secure, are outdated and cannot be easily integrated into modern data environments.
This may result in missing, inconsistent, inaccurate and duplicate data, leaving organisations less able to tackle possible data breaches quickly. Using tools for data quality automation helps companies validate, de-duplicate and standardise critical data, making them easier to protect. For example, data quality tools can detect problems of which employees might not be aware and then provide dashboards and automated workflows to help solve issues quickly.
7. Adopt automation and AI to monitor data in transit
AI-powered suptech (supervisory technology) is quickly becoming one of the most valuable assets in fighting cybercrime, especially with the increased use of cryptocurrency. Relying on blockchain technology to record transactions is an effective way to protect data in transit.
Automation and AI are especially important in regtech (regulatory technology) because they allow both organisations and authorities to enforce regulatory compliance and enact measures to prevent fraud and money laundering.
8. Focus on response times
Having a high-quality customer service policy is key to ensuring cyber incidents do not escalate too quickly. IT teams need to be in constant contact with customer service to ensure quick response times and avoid reputation damage at all costs.
9. Don't forget mobile security
Mobile banking apps are often targeted by cybercriminals who can quickly manipulate them with malware and gain access to sensitive information. Implementing mobile threat prevention strategies is paramount for financial organisations, alongside a strict zero-trust policy when it comes to third-party apps. With remote working on the rise, organisations also need to have clear BYOD (bring-your-own-device) policies to protect enterprise data.
10. Plan for disaster recovery
The future is unpredictable, so it is always best to be prepared for the worst-case scenario. Every organisation should have a disaster recovery strategy in place, tried and tested with regular drills. Finally, investing in cyber risk insurance ensures a smooth disaster recovery when things do not go to plan.
Conclusion: implementing better cyber security measures in financial services
The impact of information technology on financial services has become clearer with the Covid-19 pandemic, bringing advantages to customers while simultaneously leaving organisations vulnerable to cybercrime.
By implementing an effective cyber security strategy and relying on the latest developments in fintech and regtech, financial institutions can keep providing secure services even when the risk of malicious attacks is higher than ever. Although it can feel daunting for business leaders to invest in and keep up to speed with fintech, it is often not as complex as it seems, and the advantages outweigh the drawbacks.
“Technology innovations are the lifeblood of the financial industry and the companies of today will need to seize and strive to keep up with innovation to stay competitive. Fintech is one of the fastest growing industries. As Tim Cook spoke on the launch of Apple Pay, ‘Would you like to see it one more time. You may have blinked and missed it’” - Fiona Russell, Finance Planning Executive at ROCK.
Clear laws and regulations are needed to make new technologies such as cryptocurrency as safe as possible. Cyber awareness and compliance within single organisations are the first step to fighting financial crime and leveraging the power of fintech.
- BAE Systems (2021) The Covid crime index 2021. [Accessed: 5 July 2022].
- Barnes, A. (2022) Cybersecurity in fintech: Challenges and prospects. Capital 15 February 2022. [Accessed: 6 July 2022].
- Canner, B. (2018) SaaS-based endpoint security. Is it right for your business? Solutions Review 11 May 2018. [Accessed: 12 July 2022].
- Crisanto, J.C. and Prenio, J. (2020) Financial crime in times of Covid-19: AML and cyber resilience measures. Financial Stability Institute May 2020. [Accessed: 5 July 2022].
- Danyluk, M. (2022) Cybersecurity is a finance issue. AB Magazine January 2022. [Accessed: 5 July 2022].
- Dasgupta, S. (2022) How data-driven suptech can change the game in fighting financial crime. Fintech Futures 25 May 2022. [Accessed: 7 July 2022].
- England, J. (2022) Fintechs prioritise cybersecurity as global threat increases. Fintech Magazine 11 March 2022. [Accessed: 5 July 2022].
- Kruger, P.S. and Bauchle, J. (2021) The European Union, cybersecurity and the financial sector: A primer. Carnegie Endowment for International Peace 16 March 2021. [Accessed: 7 July 2022].
- Mobile Mentor (2022) The Endpoint Ecosystem 2022 national study: How employees are using devices in high-risk and highly regulated industries. [Accessed: 11 July 2022].
- O’Connor, A. (2022) The four pillars of data integrity. What finance businesses need to know. Finance Digest. [Accessed: 13 July 2022].
- Paretsky, I. (2019) Why multilayered fintech protection starts with endpoint security. Benzinga 29 January 2019. [Accessed: 12 July 2022].
- Richter, A. (2022) The future of crypto compliance. Fintech Futures 29 June 2022. [Accessed: 5 July 2022].
- TechUK (2021) The role of the CISO in a digitally transformed organisation. TechUK 2 December 2021. [Accessed: 5 July 2022].
- World Economic Forum (2020) The post-Covid financial system: Global future council on financial and monetary systems. World Economic Forum October 2020. [Accessed: 6 July 2022].