According to a study by Deloitte, cybersecurity issues are becoming more important – and more expensive – every year. This is mainly related to the development of new technologies, but also to the risks involved.
Predictably, the study also showed that the financial sector is particularly sensitive to security issues.
Data leaks are increasing.
Cloud computing and big databases remain the most important technological priorities for big players in the financial industry. The use of cloud computing, of course, brings additional opportunities, but at the same time, it can be a potential weak point in security. This is evidenced by the results of another study, conducted by IDC among network security directors (CISOs) of large American companies. As many as 79% of them admitted that their company had experienced a leak of data stored in the cloud in the last 18 months. Moreover, this percentage is as high as 94% for companies that provide banking services in the United States.
One example worth mentioning is the leak of data on 106 million credit cards of Capital One's customers stored in the Amazon cloud, which took place in 2019. Most often, such breaches are related to misconfiguration of the service, a mistake that is relatively easy to make given the trend of moving more and more applications and databases outside the company's premises. The greater the complexity of such an ecosystem and the more dependencies between individual applications, the easier it is to make an error that exposes customer data to the public.
When collecting customer data, let’s take care of their security.
Currently, the fight for customers in various industries resembles an arms race: new technologies allow you to find new ways to reach customers and prepare personalized offers. To do this, however, it is necessary to collect data on individual users and their behavior. While in previous years, companies from the financial sector focused on developing mobile services, now artificial intelligence and tools for automating business processes (RPA) are becoming increasingly important.
However, it is worth bearing in mind that each new technological solution is associated with creating a potential gateway for criminals (or, as cybersecurity experts say, “new attack vectors”). The tools in question are computer programs designed to analyze big data, often including sensitive information. For this reason, it is also necessary to ensure special protection of this element of the company’s IT system.
New technologies can attract customers and increase profits, as well as reduce costs. On the other hand, technological innovations are not always fully tested. Often the flexibility of a given solution comes at the expense of security, which should not be the case in the financial sector. That is why it is important that the team responsible for cybersecurity in the company checks a new solution before it is implemented on a large scale.
According to the Deloitte survey, more than half of the respondents admitted that people responsible for cybersecurity are part of the IT team. However, this solution has both advantages and disadvantages.
– Due to the direct link between cybersecurity and the IT department, financial institutions are potentially better prepared to counteract threats. However, from an organizational point of view, technological functions should be clearly distinguished from those strictly related to cybersecurity. If cybersecurity is the IT domain, there is a risk that risk prevention issues will not be sufficiently visible. Therefore, there may be a problem of achieving ad hoc project goals, such as time and budget, at the expense of their safety – says the Cyber Practice Director at Deloitte.
Omnichannel has become a necessity, but it can also be a threat.
A large number of sales channels is, on the one hand, an advantage because it allows you to communicate with the client in new ways; on the other, it opens up new possibilities for attacks. For this reason, multi-channel sales are a great organizational challenge for the departments responsible for the security of IT systems and customer data. Therefore, when designing IT systems, you should plan the protection of information according to the principles of security by design and privacy by design, as required by the General Data Protection Regulation (GDPR).
Despite the unfavorable market conditions related to the coronavirus pandemic, companies should keep cybersecurity spending at least at a level similar to today's. On the one hand, the accelerated digitization that we are witnessing allows us to conduct business to a greater extent than before. On the other hand, if we do not put appropriate procedures in place and train employees, a hack may turn out to be tragic.