Cyber threats are the “new normal” for the financial services industry, according to Booz Allen in its annual list of the “Top Financial Services Cyber Security Trends for 2014.”
"Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber program that responds to an institution's critical business risks, while considering the new realities of a complex and interconnected operating environment," said Bill Stewart, senior vice president and head of Booz Allen's commercial finance program, in a Business Wire article. "We are increasingly helping clients to work through how best to align cyber spend with an ever-increasing potential exposure. Threat actors continue to grow in sophistication, driving our clients to respond. Simply increasing spend is not always the best option – we are helping our clients build programs that respond to their material business risks while balancing resource expenditures."
According to Booz Allen, the Top Financial Services Cyber Security Trends for 2014 are:
- Generating or receiving useful and actionable threat intelligence. Fusing threat intelligence with other disciplines such as incident response and fraud is a proven method for connecting data elements to build actionable intelligence.
- Mobile security platform weaknesses are giving rise to new threats. These threats take advantage of weaknesses in mobile device platforms, with information sent to a hacker who then “owns” the device.
- Developing countries with growing liquidity will see more attacks on their local banks, including in the Middle East, Latin America and Asia Pacific.
- Attackers are moving from large banks to regional and mid-tier enterprises because of the latter's lack of security. These banks often lack the finances, technology and manpower to introduce widespread cyber security defenses.
- Insider threats put a spotlight on enterprise-wide planning and preparation: banks should develop multi-disciplinary teams that include IT, human resources, internal communications, marketing and legal to communicate to all staff the importance of cyber risk awareness, and how to address concerns.
- The NIST cyber security framework, which moves financial services firms closer to a set of voluntary guidelines and a de facto “standard of care,” creates challenges for financial firms while opening the door for liability protections from a growing cyber security insurance industry. The framework would then make private sector enterprises liable in the event of cyber breaches that destroy or lose PII or other valuable data.
- Big data requires data-level security. As operational data moves to the cloud, fine-grained security controls are necessary to ensure banks don’t share sensitive data, while defending against adversaries moving laterally across data sets.