Story image

Financial organisations increasingly vulnerable to cyber attacks

23 Jun 15

In recent years the financial sector has changed it’s approach to risk management, with some changes expected, such as continued constricted regulations, and others less expected, such as the increasing realisation that cyber and financial crime need to be addressed as an integrated security risk with an integrated strategy. 

“These changes to risk management have been driven by significant cyber penetrations driven by financial crime,” says Sanjay Samuel, BAE Systems Applied Intelligence head of financial crime Asia Pacific.

“With the evolution of malware, the threat landscape has evolved and criminals are specifically targeting financial organisations; the volume of which is increasing ten-fold. 

“In addition to this, continued problems with compliance monitoring has been uncovered after the fact, showing these regimes have been ineffective.

“There are a number of large financial institutions that have significant, and what they have thought are sophisticated, monitoring regimes in place and yet have been unable to protect themselves effectively when an attack has occurred,” she says.

According to Samuel, this is partly due to the fact that there is a lack of cyber security analytics capability and technology in organisations.

She says, “Most [organisations] have a vast array of security technologies but these technologies don’t talk to one another and are often managed by different teams within the organisations. 

“This means attacks may go unnoticed or not be responded to from a holistic security perspective, even though the organisation’s security technologies may actually have detected the incidents. 

“As companies become aware of these gaps, it has led to higher budgets, increased integration of risk and security teams, and the emergence of conscious convergence strategies across cyber and financial crime monitoring services."

BAE Systems have identified four key risks financial institutions may be vulnerable to in the coming months and years: 

1. Lack of integrated approach 

One of the continued risks for the financial sector is the lack of an integrated approach to cyber and financial crime. This could lead to some institutions being a soft target for ever more sophisticated fraudsters. 

2. Criminals diversifying their activities 

Increasing use of automation and the growth of identity compromises lets financial criminals diversify their activity, making it difficult to detect within a single institution.

For example, there is an increase in money mule accounts that are only used once or a few times before moving on, making them harder to track. This could be addressed through more cooperation across the financial services industry. 

3. Permeable boundaries 

To service customers more effectively online in a multichannel environment, financial institutions tend to make their organisational boundaries more interconnected and therefore less secure.

This security risk must be considered in order to protect both the organisation and its customers from unwanted perpetrators. 

4. Mobile customer base 

A more mobile customer base requires fast, easy access to services online, posing another risk to financial institutions as these same services offer fraudsters and hackers anonymity.

It may prove difficult to identify authentic customers while continuing to provide the same user experience for customers.   

“Financial institutions are increasingly aware of the risks, trends and changes in the sector. Traditional financial services institutions are geared up to handle this from a fraud and compliance angle.

“New entrants, such as telcos, who are becoming financial services providers in some cases, may have to play catch up on the types of systems they need to put in place to protect them and their customers,” Samuel says. 

NZ’s $3.45bil IT services market fueled by competitive advantage
"With regards to cloud adoption, organisations are prioritising innovation and security over cost and scalability.”
The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.