[author: Kevin Gorsine]
Introduction
Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.
FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a. cybersecurity risk.
This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become more agile and provide a frictionless customer experience. They must also grapple with the need to reduce costs while complying with complex regulations and managing an increasingly global workforce.”
In other words, make your services super secure and super slick. Maybe that’s why the financial services industry is predicted to face cybercrime costs of £1.5bn during 2017? Or that this industry remains the biggest spenders when it comes to cybersecurity?
So, let’s take a look at some of the top cybersecurity headaches plaguing FSIs right now.
1. Compliance Pressure From Regulatory Bodies
Not only are new regulations, such as GDPR , entering the fore, but existing regulatory bodies, like PCI DSS, are tightening their requirements, placing additional pressure on organizations to reassess their cybersecurity posture in line with these new requirements.
A known frustration, however, is that various regulatory bodies have conflicting requirements, intensifying a cybersecurity headache to a proper migraine.
2. Increased Risk From Third-Party Business Partners
Of course, the importance of choosing your business partners continues to be key. In short, their cybersecurity vulnerabilities are your cybersecurity headaches.
Legacy contracts need reviewing, and clear delineation of responsibilities is key. Additionally, the new GDPR regulation, which impacts companies around the world that collate and process personal information of EU data subjects, clearly shares the blame between controllers and processors, so “clever” contracts designed to shield organizations from legal responsibilities may lose efficacy.
3. Threat Landscape Complexity
This is the one you were all expecting to show up on the list, and you would be right. The onslaught of vicious malware strains and unauthorized access via one of the hundreds of access points into a network is a complex balancing act. Availability for authorized users cannot be compromised, while ensuring that the bad stuff stays at bay.
4. The March of IoT
With new devices and technology being connected to the internet, the importance of baking in cybersecurity from the get-go is key. This difficult, costly exercise is often insufficiently considered by developers at the early stages.
Managing the plethora of devices accessing FSI services, from payment systems, websites, and applications, and ensuring they cannot compromise the system remains a key focus for cybersecurity leaders in the financial industry.
Acknowledgments
We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.
