Ask any customer what they expect from their bank or financial services firm today, and two words come through loudly and clearly: security and privacy. Commercial and institutional customers (http://www.boozallen.com/consultants/commercial-npo) have come to expect seamless service, properly cleared transactions and fast, accurate information. But news about major cybersecurity breaches has alarmed consumers, causing banks to redouble their efforts to protect their technology infrastructure. This means the stakes have never been higher for banks and financial services firms, and there are clear trends for cyber risk and security protection in the financial services industry in 2013, according to the experts at
Vault Door"When we think about the lethal daily threats to the globally integrated financial services industry from nation-states and individuals, it is imperative that Chief Information Security Officers begin looking around corners, talk with each other and better prioritize the real threats to their firms," said
McConnell is speaking today at
Booz Allen works with financial services firms to identify and benchmark best practices and challenges for long-term cybersecurity prevention and protection (http://www.boozallen.com/consulting/delivering-results-that-endure/cyber). This process is part of Booz Allen's Cyber M3 (Measure, Manage, Mature) capability, which evaluates the maturity of a firm's cybersecurity programs. Both Cyber M3 and the benchmarking program incorporate technology, business process engineering, human capital development and risk management in developing a comprehensive picture of a firm's and industry's cyber readiness.
The Top 10 Financial Services Cybersecurity Trends for 2013:
Business/Information Risk protection is not Just a Technology Issue - Spending on new technology alone is not enough to protect a firm's information and business. Firms must also invest in people and in fine-tuning processes to ensure, not only the proper use of technology, but that the processes that require interfaces between organizations are well managed and executed flawlessly. No matter how good a technology is, if not used correctly by skilled employees who follow well-defined processes, vulnerabilities will surface that can be leveraged by both internal and external threat actors.
Data disruption attacks may become data destruction attacks - The potential of threat actors actually destroying data is a major concern among risk and security professionals. Over time, the financial services industry will face threats from extremist groups who, when denied access to weapons of mass destruction, will use cyber as a "weapon of mass disruption." Additionally, threat actors who mean to disrupt a firm's business operations to make a statement or prove what they consider a moral point will also utilize destruction of data to ensure they make an impact.
Nation states and threat actors are becoming more sophisticated - We now have to face more sophisticated threat actors such as smaller nation states and terrorist elements obtaining similar capabilities. The financial services industry must fully understand the entire threat landscape and what this means in terms of employing the right people, technology and processes to ensure business continuity and proper risk management.