Security resilience and agility are hot topics in today’s financial services landscape. The increasingly vulnerable digital landscape means the industry needs to focus on staying ahead of emerging security threats.
Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, with the banking and financial services sector having one of the highest incidences of DDoS activity (1).
Although security resilience issue has been talked about for many years now, in today’s fast growing digital economy, it is becoming even more important on the business agenda. Security is no longer an IT ‘thing’ – it’s a core organisational and cultural concern for modern businesses.
Here are our top five insights from having recently attended the Future of Security event –
- Security is a strategic business differentiator. As customers expect more and more from the companies they deal with, customers want to know and have certainty that their data is being kept safe by their banking or financial institution. As criminal and dark web ransomware technologies continue to evolve and on the rise, there is a sense of urgency for organisations to combat these breaches by investing in sufficient barriers against attacks. Artificial Intelligence (AI) is an emerging security solution that can provide the preventative methods for the future.
- Organisations who have built a culture with a strong awareness around cyber security will lead the way. Most cyber-attacks and exploits can be avoided by developing the right organisational culture. The dark web and organised cyber-crime institutions are growing due to the financial benefits that exist. This creates risk for institutions that do not take a good security stance and give security the importance it deserves. Jurisdictional legislation is not equipped to deal with the borderless nature of cyber attacks.
- Digital identities don’t always deliver a safe security solution. The levels of exploitation by cyber criminals and automates bots continues to rise begging for a new approach which many are identifying as a combination of identity, device, location and threat attributes. A combination of these factors will in the future form the basis for a true digital identity. By building a digital identity graph with these layers, recognised and trusted behaviour patterns can be established to better determine genuine interactions.
- The answers are still to come. Frustrations around the current outdated username and password methods coupled with the recent breaches that were experienced with a number of large institutions are raising questions around how these authentication methods could be improved. Newer authentication methods are available and mandatory breach disclosure legislation is being implemented in an effort to expose breach sources, drive innovation and create industry awareness.
- Collaboration will help to combat security threats. Moving forward, it is now essential to provide a safer network across the broader business and government community. The public and private sectors need to work together and establish links for the benefit of regional businesses in particular, as they’re often smaller companies that don’t have the ability, nor the resources, to build a security department internally. Ensuring a high reaction level throughout the industry will elevate the outcomes.
(1) Source: ACSC Threat Report