By Safi Raza, director of cybersecurity, Fusion Risk Management
The COVID-19 pandemic drastically changed the way that financial organizations operate, communicate, and do business. As firms were adjusting to new ways of working, cybercriminals were eagerly awaiting the opportunity to exploit security weaknesses. Today’s cybercriminal is capable, skilled, and constantly evolving to take advantage of online behavior. As we enter a new year, new cybersecurity challenges are ahead of us. So, what can we expect in 2021?
The rising risk of remote working
Today the majority of financial organizations have a remote workforce, and this way of working brings a set of challenges that organizations must address to ensure customer and employee data is protected. Remote employees are sharing their home network with smart TVs, phones, tablets, and various IoT devices that are not adequately secured. The exchange of highly sensitive, confidential, financial information that once occurred behind fortified infrastructures is now conducted from home networks. In 2021, CTOs and their teams will explore avenues to help mitigate this cyber risk, and we can expect to see financial organizations spend more time and money on endpoint security and end-user training.
Third party risk
Engaging with third parties offers financial organizations opportunities to streamline and increase efficiency. However, third parties also increase risks. Financial organizations must implement an effective third-party management program, take a holistic approach to third-party risk management, and include vendor risk and third-party governance in their cybersecurity and business continuity program. Third-party risk management also continues to be a focus for regulators, with recent consultations from the Bank of England and European Commission. As a result, we can expect greater investment in managing third-party risk among financial organizations.
AI is the future of cybersecurity in financial services
Artificial intelligence is a trend that has been of interest to cybersecurity and financial professionals alike; AI can transform the way financial services organizations operate. Especially following the massive and sudden increase in the number of people working from home, artificial intelligence has been validated as the future of cybersecurity. Unlike traditional security solutions, AI does not depend on known signatures. Instead, it relies on user and attack behavior analytics and network traffic analytics, quickly neutralizing a threat before it becomes a crisis. The implementation of AI helps us identify attacks by analyzing and predicting them in real time. In 2021, we will see an increase in investment in AI as financial organizations seek to avoid cyber-attacks before they become a target and the way they operate is disrupted.
Ransomware becomes an even greater threat
Cybercriminals follow the money and financial services are a lucrative target for criminals, so ransomware cases will continue to rise. Threat actors use a tool for as long as it is effective, which means that as long as it is monetarily viable, ransomware will continue to be a top threat to the financial services industry for many years to come. The ransomware threat is even greater for the financial services industry, as trust and reliability are a key differentiator in the market for customers and freezing digital systems threatens the relationship between a firm and its customer. This dynamic creates an urgency for banks, hedge funds, advisors and other financial organizations to pay up and recover.
Social engineering – the dangers of deep fakes
Human beings are the weakest link in the cybersecurity chain, as hackers prey on our nature and the inevitability of human mistakes. As more defensive technologies integrate with artificial intelligence, it is becoming ever more difficult for threat actors to infiltrate protected financial services networks. Because of this, cybercriminals increasingly rely on social engineering. Newer additions to the social engineering arsenal are deep fakes. ‘Deep fakes’ are audio or video recordings that combine existing information and develop it into new images, videos, or audio recordings, which are easily accessible online. An open-source program named Avatarify superimposes someone else’s face onto the user’s face in real time during video meetings. The code is available on GitHub for anyone to use. While financial professionals may be wary of emails or texts, it is likely they would believe they really are talking to their boss, partner or customer if they look and sound like them. The lack of effective deep fake detection technology attracts many bad actors and this threat will only become stronger in 2021.
Financial services institutions face fierce competition in the market, as new and existing organizations are continually transforming their offering to attract new customers. This is why banks and other financial firms should proactively seek to improve the customer experience and build a reputation of being a secure, reliable service provider. This strategy includes strengthening cybersecurity plans. The good news is that many leaders already appreciate the transforming security landscape and are committed to protecting their business. In a world with opportunistic and highly skilled criminals, these are the very financial organizations that will prevent, adapt to, respond to, recover from, and learn from cyber-attacks.