Because they are facing cyber attacks planned by professionals, financial institutions must take extreme measures.
As guardian of the assets of individuals and companies, the financial industry has always been a choice target for hackers. The year 2014 will be no exception to the rule; security threats in this sector are more common than ever, according to experts.
In the past few years, the greatest danger to financial institutions has been distributed denial-of-service (DDoS) attacks, but cyber criminals are now developing new weapons. Not only is the frequency of the attacks increasing, but so is their level of sophistication. Also, the danger is probably greater than what is said or predicted, since many organizations are reluctant to publicly discuss the incidents they have experienced.
Increasingly, small and medium-sized companies are being targeted by hackers. These companies do not have the means to protect themselves as completely as large companies, hence their vulnerability. Too often, they believe they are safe, thinking they are not included in the criminals’ plans due to their smaller size. Nevertheless, they can hold valuable assets, which are even more accessible today since gateways into networks have multiplied with the rise in mobility.
Financial institutions form a vast network made up of small, medium, and large companies. Each link in this chain is a potential access point to the network. Thus, an intrusion into a small company can have repercussions on a large institution. More than ever, adequate protection is necessary for all organizations in the sector, whether large or small.
With this in mind, here are the main factors that must be considered:
- Internal threats – these can come from anyone working directly or indirectly with the organization – employees, partners, suppliers, clients, etc. It is difficult, if not impossible, to prevent internal attacks, but it is necessary to have a plan to react quickly and efficiently when they occur. Experience shows that the businesses that recover best from cyber attacks are those that came up with a plan and applied it.
- Hacktivists – these Internet activists launch ideological attacks, which are not necessarily commercially advantageous. Rather, their goal is to destabilize an organization to draw attention to a cause – political, humanitarian or otherwise. In 2013, hacktivists were more active than ever in paralyzing stock exchanges almost everywhere around the world.
- Cloud computing – in general, cloud computing providers offer efficient security solutions, but companies in the financial sector must supplement these with their own efforts (strict policies, encryption, authentication, etc.).
- Mobility – we have already discussed the increasing number of gateways into networks. Today, it is indispensable to have adequate protection on mobile devices that are used for business.
When it comes to cyber security, a generalized approach over all sectors of business activity does not provide enough protection. Although many of the problems and threats are the same from one industry to the next, there are specific issues that must be accounted for. In the financial sector, the protection of sensitive and confidential data is vital, along with compliance with strict and precise regulations. In addition, each organization has its own specific features and context, which further complicates the implementation of an adequate defense.
Under these conditions, it is essential that businesses in the financial sector choose a trusted partner (such as Cisco) that is capable of helping them effectively protect themselves throughout the entire organization.
Author: Normand Tessier