08/12/2020
What Cybersecurity Looks Like for the Financial Sector in 2021
In recent years, the finance and insurance sector has become a notable target for cyber attacks. Many of these breaches are believed to be due to inadequate security measures when using cloud services.
The financial industry is also being affected by changes in processes with more fintech, virtual banks, and other digital disruptors affecting the market. The cyber landscape is changing very fast with cyber criminals using the most up-to-date technology to hack systems and it is therefore up to the financial sector to keep up.
So, as we reach the end of 2020, what does cyber security look like for the financial sector in 2021?
AI Security
Artificial Intelligence (AI) is now commonly used by both cybercriminals and cyber defenders. In cybersecurity, it is used to identify new threats and to assess the effectiveness of responses to threats, enabling defenders to block attacks before they happen. AI can spot behavioural patterns and identify possible infiltrations. Conversely, it is also used by hackers to make it easier for them to get past the security systems in place. In 2021 it is likely that AI will be increasingly used as a means of gaining personal details (e.g. credit card details) as well as optimising spam phishing campaigns.
Mobile Cybersecurity in Banking
With most consumers using their mobile devices for banking and financial transactions, especially since the COVID-19 pandemic has rendered society predominantly cashless, cybercriminals have been heavily targeting mobile systems. For example, mobile malware targets only mobile phone operating systems. Therefore, it is now more important than ever to protect mobile devices to the same extent as traditional hardware.
The most common forms of mobile malware are:
- Viruses and Trojans
- Spyware and Madware (mobile adware)
- Phishing campaigns
- Browser exploits
The same protocols in place to ensure your staff PCs and laptops are secure now need to be applied to their mobile devices as well.
To increase your mobile cyber security, many of the same processes need to be put in place, such as:
- Ensuring the latest versions of the operating system and other applications are installed.
- Installing a firewall.
- Enabling mobile security software to protect against malware and viruses.
- Using password protected lock screens.
- Ensuring apps are only downloaded from official sites like the Apple App Store and Google Play.
No cyber security process is foolproof, however, and it is a constant battle against the cyber criminals. If you would like guidance on the best tools for securing your organisation’s mobile devices, you can contact CiS today. A specialist cyber security consultant will be able to discuss your options with you. Learn more about our cyber security services here.
Multi-factor Authentication
Multi-factor authentication is one of the easiest security measures to implement within your business and is becoming more common within the financial sector for many transactions. Multi-factor authentication adds an extra layer of security to all your business networks by ensuring every transaction or login is supported by at least two security measures for access. The traditional username and password are becoming increasingly easy for cyber criminals to acquire, whereas adding an extra identification method not easily accessible to the hackers ensures an extra layer of protection.
The most commonly used multi-factor authentication methods are:
- Passwords – They should be complex and comprise at least eight characters and be a combination of upper- and lower-case letters, numbers and special characters.
- One-time use code – A randomly generated code sent via SMS or email which is used only once. With weaknesses in mobile networks and email accounts, these can, however, be intercepted by hackers.
- App generated codes – A code generated by an app on a mobile phone, often set up by scanning a QR code which contains a ‘key’. As the key is stored on the phone itself, this is less likely to be intercepted by a third party.
- Physical authentication keys – A USB device which the user inserts every time they log in from a new computer. Unfortunately, they don’t work on all devices (such as iPhone, MacBook or Android) without adapters.
- Biometrics – Using a fingerprint, voice or an eye scan is an effective identifier. Biometrics are extremely difficult to hack, but if they are, they cannot be used ever again for anything.
- Information – this could be something that only the user would know – either a password or a piece of information.
All these methods (other than physical authentication keys) are free or relatively cheap to implement and don’t require anything other than a mobile phone for the user. The added security of multi-factor authentication means even if a hacker has acquired a username/password combination there is still another form of security preventing access.
Refined Testing
As the finance industry is constantly changing, so too are the security threats. This means that installing new anti-virus software and implementing MFA, then stepping back thinking it’s a job well done, is not going to keep you protected for long. Financial cybersecurity is an ongoing commitment: software and firewalls must be kept up to date, and access must be regularly updated. In addition to this constant maintenance, regular testing of the systems is essential. All systems have vulnerabilities; as these change, cybercriminals learn to overcome them, and software therefore has to develop in turn.
Regular penetration testing essentially identifies any weaknesses in your systems before the cybercriminals do. It is essential to schedule penetration testing or vulnerability scans at least once a quarter unless compliance dictates otherwise. They can be carried out using a vulnerability scanner. It is not possible to be overcautious when it comes to cyber security.
Hiring the right people
Of course, having the right team on hand to ensure your systems are up to date, regularly tested and maintained is essential.
It’s important your IT security team has:
- Knowledge and understanding of the company’s IT infrastructure.
- Knowledge of cybersecurity best practices.
- Understanding of company processes and data flows.
- Up to date knowledge of cybersecurity solutions.
Not every business has the resources for an in-house IT and cyber security services team, which is where outsourcing your IT support can be the best of both worlds: in-house service for an outsourced price. To speak about your cyber security concerns, contact a member of the CiS team today.