Data breaches in the financial sector are also on the increase and in 2018 there was a five-fold increase on the previous year. This continues to grow year on year as more people are turning to online services.
Many of the security breaches are through inadequate security measures when using cloud services, where too much reliance is on the third-party providers’ security measures. For more information on cloud services click here.
The financial industry is an automatic draw for cyber criminals as it has high-value data and can prove to be a quick win. The industry also processes millions of transactions every day across a number of inter-connected systems which means weaknesses may not be immediately apparent and therefore makes them more vulnerable to attack.
A security breach in this industry is not only problematic for clients and their assets but also company reputation as well as legal and compliance implications.
But these risks can be reduced by putting robust security measures in place.
What is cyber security in banking?
Cyber security for finance is essentially a set of processes put in place and maintained which protect client/customer data from being stolen or infiltrated and controls what happens on the network and by whom.
Cyber security in banking and the financial industry are pretty much the same as those that would be used in any other industry. However, the implications of getting it wrong, cutting corners or being complacent are far greater in this sector. Financial services cybersecurity should include:
- Malware, ransomware and virus protection
- Strong password guidelines
- End to End Encryption
- Multi-factor Authentication
- Regular penetration testing
- Updated and maintained software/servers
- Employee training programme
What banks have the best cyber security?
As many of the security processes for the financial sector are the same for other industries and home security, customers may assume that all banks are on an equal footing when it comes to cyber security. Customers trust the industry with their data and more importantly their financial assets. However, not all UK banks are created equally and some far outstrip others in regard to safety.
At the end of 2019 Which? carried out an investigation in conjunction with independent security experts Falanx Cyber which identified the top five UK banks when it came to cyber security.
- Natwest (Royal Bank of Scotland)
- Lloyds Bank
Since the investigation was carried out most banks are doing their best to improve their security processes. For example, Barclays no longer include URLs or phone numbers in texts to their clients. This was a major security risk, as cybercriminals use URLs or phone numbers as a common technique in phishing or smishing campaigns, where they try to get the victim to click on a link which looks like it has come from their bank or financial service.
How financial services can stay secure?
Financial services need to have financial cybersecurity at the forefront of their minds – even before customer experience and customer satisfaction.
It is essential for financial services to take control of their networks and more importantly their data.
- When using third party cloud software be aware of the backup and security limitations and implement extra processes.
- Assess in-company networks and identify who has access to what, and whether that is up to date.
- Run penetration testing on the systems to identify weaknesses before the cyber-criminals do.
- Keep all firewalls, anti-virus, malware and ransomware software up to date.
- Ensure all customers and employees use Two-Factor Authentication for logins. For more on this click here. This provides an extra layer of security should cyber criminals gain access to passwords for example.
- Disable the ‘remain logged in’ option so if your phone or laptop is stolen criminals won’t have access to bank details and accounts.
- Ensure that all equipment is updated and supported. Up until 2019 ATM machines in the UK were working off a Windows 7 operating system which reached end of life in January 2020. Using systems, this old presents plenty of opportunities for data breaches.
Common cyber threats to be aware of
The financial industry is plagued by the same threats as all other industries. There is, however, the myth, commonly believed, that the smaller the business the less enticing they will be for the cyber criminals. This, however, simply isn’t the case. In fact, the smaller the company the easier it is for the cyber criminals to infiltrate the systems as security normally isn’t as rigorous.
The most common threat in 2020 is ransomware and this has seen an upsurge in cases. Ransomware sees a cyber criminal infiltrating your system and slowly encrypts all your data. They then request a sum of money in order to decrypt it for you. A report produced by Cyberedge Group in 2020 shows that as many as 58% of victims actually pay the ransom but only 67% report retrieving their data.
In order to reduce the probability of being targeted by ransomware, it is essential to have anti-ransomware software installed and kept up to date.
Financial services are also the victims of phishing, smishing and phone scams where customers are encouraged to sign in to faked websites, provide details to the scammers, or to transfer large sums of cash. By having rigorous security protocols in place, and a regular education programme for both staff and customers can hopefully prevent these campaigns from being successful.
Steps to take to improve security practices
The key to improving security practices is to be proactive and not reactive. It is better to put everything in place to prevent an attack rather than waiting for the cyber criminals to spot the weaknesses in your systems.
There are three main steps that financial services should take to improve their security.
- Draft internal policies and ensure all staff follow them.
- Ensure appropriate insurance coverage is in place which can mitigate the risk should you be attacked.
- Engage with cyber security services professionals to ensure the best systems are in place.
If you would like to have an assessment of your security systems carried out and an effective plan put into place, contact CIS today.