Preparing for cyber disaster

The financial services sector has long been known for weathering rapid changes, including sudden dips, dizzying highs and unforeseen fluctuations. After, banks are in the risk business. However, as the world has become more digital, cybersecurity has become even more critical.

Click image to zoom Tap image to zoom

While the pandemic was responsible for driving massive global-scale digitisation we have also seen a sharp incline in cybersecurity threats. Fortunately, research from Verizon’s Future of Work series shows the financial services sector is more future-ready than other industries.

"Financial services companies are among the best prepared for disasters with many having extensive contingency plans and even disaster recovery sites.”

Financial services firms are largely investing for the future, despite the crisis – particularly in preparation for disasters. The financial sector’s score on the Future of Work Index, 6.8 out of a possible 10, was higher than the overall survey average of 6.7 and well above industries such as manufacturing, media and legal services.

Click image to zoom Tap image to zoom

Investing, despite the crisis

Like all other industries, most financial services respondents said that they suffered commercially due to COVID-19 to some degree. Just under half saw decline in revenue and 38 per cent said they had lost customers.

However, financial services companies are also among the best prepared for disasters with many having extensive contingency plans and even disaster recovery sites. And with so much business now done online, organisations like banks were somewhat insulated from the impact of lockdowns.

Over three quarters of respondents said the crisis underscored the importance of responding to the needs of customers in difficulty or financial distress. Encouragingly, the survey found financial services providers are actively thinking about the future.

Far from denting commitments to transformation, the crisis appeared to have made companies more intent on following them through. In fact, a majority reported the crisis had encouraged them to double-down on planned changes, including accelerating the deployment of new technologies and improving employee wellbeing,

Cybersecurity accelerating in financial services

Banks and other financial institutions appear to be more determined than ever to push ahead with advanced technologies. As well as traditional priorities, such as cybersecurity, 70 per cent of sector respondents said they plan to invest more in data analytics and 69 per cent said the same in relation to Cloud enablement.

Financial institutions also planned to step up their Cloud investment to support the substantial computing demands of advanced data analytics, artificial intelligence (AI), machine learning (ML), the deployment of Internet of Things (IoT), 5G technologies and increased remote working.

Greater investment in core network technologies will also support the growth of these capabilities.

Click image to zoom Tap image to zoom

Data breaches in financial services

Now the dust has settled and business is moving to a post-COVID normal, Verizon’s recent Data Breach Investigations Report (DBIR) revealed how the sector fared with cybersecurity impacts.

This year’s DBIR team looked at nearly 80,000 incidents, of which 29,207 met the quality standards. There were 5,258 confirmed data breaches sampled from 88 countries around the world. Once again, the team included breakouts for 11 of the main industries as part of a vertical approach to illustrate not all are created equal in terms of attack surfaces and threats.

Contributors to the report revealed the kinds of attacks suffered by a particular industry is related to the infrastructure they rely on and the kind of data they handle, as well as how people (customers, employees and everyone else) interact with them.

The financial services sector has seen a multitude of changes when it comes to the cybersecurity landscape including a convergence of internal actors and their associated actions with the more nefarious external varieties.

Click image to zoom Tap image to zoom

This year, 44 per cent of the breaches in this vertical were caused by internal actors, a slow but steady increase since 2017. The majority of actions performed by these folks are accidental, such as sending an email to the wrong person - which represents 55 per cent of all error-based breaches and 13 per cent of all breaches for the year.

With malicious external actors, the financial industry faces a similar onslaught of credential, phishing and ransomware attacks as other industries. With regard to data type, personal data comes in first, followed by credentials and bank data - hardly surprising given the focus of the industry.

Finally, the financial services industry continues to be heavily reliant upon external parties for breach discovery, typically via bad actors making themselves known (38 per cent of the incidents) or notification from monitoring services (36 per cent of Incidents).

So what’s next?

Amid the disruption of the pandemic, most business leaders are not, and should not, be letting the need for crisis management prevent them from thinking about the future. COVID-19 infections continue to affect millions and the impacts will be felt for years to come.

Understanding trends and what other companies are doing is crucial to making informed decisions. Data-driven insights provide useful signposts for forward-looking businesses to mitigate risk of future disasters and cybersecurity threats.

Troy Heland is Team Lead for Managed Security Services at Verizon Business Group

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

13 Jun 2024

Businesses must account for EOFY scams

Cosi De Angelis | Head of Transaction Banking, ANZ

As Australian businesses gear up for another demanding end of financial year period, so too do cyber criminals.

24 May 2018

For SME scams, the best defence is defence

Guy Mendelson | Portfolio Lead - Business Owners, ANZ

Australian incidents of business email compromise increased by 230 per cent between 2016 and 2017.