The biggest fear for any bank or financial institution is a Cyber attack infamously knows as Hackings. These kind of threats are becoming more frequent and sophisticated day by day. According to 2015 Data Breach Investigation Report data breached has cost financial institutions an estimated of $400 million of loss with total of 700 million compromised records.
The financial institution are comparatively lot slower to detect incidents compared to other industries. These organizations are rarely capable of detecting these kind of incidents by themselves — they’re either often notified by a law enforcement agency or other third parties such as card companies. The process of detecting incidents are more sophisticated when the attack involves the use of legitimate customer credentials to conduct fraudulent transactions. When any incident takes such a long period of time to identify an incident the attackers can gain unhindered access to systems and can spend more time searching for information and data of value.
Here we have mentioned the five ways for financial institution to boost and improve their cyber-security.
- Take hackers and hacking seriously, way before you become a victim.
Institutions may not take information security as a priority until they become a victim of an incident. Especially in countries like Nepal financial institutions don’t have people whose sole jobs revolve around information security. Banking industry and financial institutions should considered Information Security as an integral part of their system and turn security into a culture more like a habit, starting at the top level with specific oversight and responsibilities. The culture must permeate the organization with employee awareness with making sure that everyone understands that the institution is the steward of highly sensitive data. Always take a unified approach with clear policies and common standards across geographic.
- Check security analysis of third-party vendors who often provide information technology services to banks.
Third-party built applications have become a weak link and full of vulnerabilities within institutions that uses them. These third-party applications are not built with security in their mind and assuming they would reside behind a protected perimeter. But since applications have these application are now accessible from mobile, internet, and into the cloud, firewall and anti-virus technology are simply not enough. Trusted application development procedures that incorporate security forethought are a must; as is the ability to measure a specific application’s resistance to threat.
- Get smart about mobile device security.
“Make mobility a priority”. This growing trend introduces new devices, new operating systems, mobile malwares and of course, new security challenges. Mobile devices are easily lost or stolen, and SIM cards can contain an exorbitant amount of stored personal data. So secure employees’ and partner devices to protect anyone from accessing internal network and processes, educate customers to the risks and preventative measures— like technology to locate or erase data. And work pro-actively with carriers to help protect customers.
- Identify and secure the IT assets themselves and not just the perimeter.
Stop thinking in terms of the perimeter. With social networking, mobility, IT consumerization and cloud computing, the enterprise perimeter has become fluid and extremely porous. It is no longer sufficient to button down the perimeter in hopes of keeping the bad guys out. Institutions need to understand their asset topography.
Questions such as – Where is the critical information? How is it being accessed? Through what channel and by whom? should have definite answers to secure those assets directly thus creating a sense of resiliency throughout the organization.
5. Develop acute situational awareness.
Most importantly, keep ahead of the risks. That starts with a clear understanding of risk across the entire landscape, including the customer environment, partner network, and cloud infrastructure. Assess the impact of that risk on the business. Take measures to manage risk by recognizing backdoor vulnerabilities; identifying chained patterns; expanding the scope of vulnerability testing; leveraging external threat intelligence; and detecting reconnaissance activity. Layer-in multiple sources of information—SIEM logs, application scanner results, chatter on blogs, etc. And make very sure partners are operating to the same standards.
Data breaches and security incidents require rapid response to mitigate impact; therefore, effective preparation or responses require timely and usable information.