Financial Services, Online Banking & Cyber Security

Uploaded on 2022-02-28 in Directors Reports

Directors Report: This is exclusive to Premium Subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

Banking is changing and going far more online with a new generation of Fintech-led banks becoming established. Digital banks are still where the money is and for cyber criminals attacking their user endpoints, they offer multiple avenues of profit through extortion, theft, and fraud.

Financial institutions provide multiple avenues for hackers to monetise their skills and by 2000 cyber criminals were starting to see the potential of computer intrusions. Since then they have quickly become more organised and technically skilled.

Not only criminals, but nation-states and hacktivists are targeting the financial sector for political and ideological leverage. The threat landscape for financial institutions is again being transformed and the explosion of digital financial services and mobile banking has exponentially expanded the attack surface that criminals can exploit.

At the same time, the creation of new electronic only virtual banks and the proliferation of easy-to-use malware and contract hacker services on the black market has made what were once exclusively nation-state capabilities available to a wide range of malicious actors.

In 2022, the global financial services market is valued at about $22 trillion. This industry has seen steady growth in non-cash payments. Non-cash payments are multiplying due to increasing penetration of Internet and mobile usage in developing countries and a global shift towards immediate payment schemes, which offer instant payments in real-time.

The advances in Internet banking, mobile apps, and instant payments all require new technology and heightened technology use invariably increases an industry’s attack vectors and introduces new vulnerabilities.

The Future Of Digital Banking

Digital banking is the digitisation of every level, from front-to back-end, of banking. This means that digital banks rely on artificial intelligence to automate back-end operations such as administrative tasks and data processing, which in turn alleviates pressure put on employees to complete day-to-day tasks. Not only do digital banks allow users to make account deposits and transfers remotely; but they also provide them with the opportunity to more easily apply for loans and access personalised money management services.

Different sectors often have an electronic banking focus. For instance Mos, a bank focussed on serving students, has opened up access to a pool of over $160 billion in financial aid to the more than 400,000 students within its community. It has evolved from an Edtech business built to help students navigate their way through applying and attending college into a Fintech organisation that can support the same user base through all of life’s similarly complicated demands.The founder of Mos, Amira Yahyaouiintends to expanding Mos into a mainstream challenger bank. “We’re pretty radical about why we’re doing what we’re doing,” she said. “We don’t want to be elitist, we don’t want to do this for a very small category of people because we really want to become the incumbent bank in the US,” Yahyaoui said, starting with students. “That’s the goal.” Mos’ newest funding round, a $40 million Series B that values the company at $400 million, up from a $50 million valuation in May 2020.

New Electronic 'Virtual' Banks

The new-age influential technologies such as robotic process automation (RPA), artificial intelligence (AI), Internet of Things (IOT), blockchain and shared infrastructure are set to drive profound changes in the banking landscape.
Digital banking or Digitalisation of a bank has radically altered the landscape of banking in the last few years. Digital technologies which were initially limited to banking channels, now encompass the entire banking spectrum.
So, whether it is back-end operations or customer facing channels, digital banking delivered through new-age technologies is the way forward for all participants in the financial service industry.

The banking sector has undergone distinct phases of digital transformation in the last few decades.

The first transformation was a conversion to electronic backroom operations, leading to an efficiency and automation led model that made banking more transactional and technology-centric. And now banks have started focusing on improving customer convenience through the use of ATMs, call-centres, telephone amd mobile banking delivered using Apps.

Ten Of The Largest Digital Banks

The top 10 biggest digital banks are a mix of start-ups and companies from four different continents and all but one were founded in the last 10 years. Seven founders are still CEOs of their companies and the total valuation of all 10 companies is $72 billion.

1. Nubank The biggest digital bank in the world is Nubank from Sao Paulo, Brazil, and has the potential to become even bigger as the Brazilian market is still underserved with a third of the population not having a bank account.

Founded in 2013
Based in Sao Paulo, Brazil
CEO David Vélez
$25 billion valuation
$1.5 billion raised (last one at $400 million on Jan 28, 2021)
Retail and business
40 million customers

Recognised as the largest Fintech business in Latin America, the Brazil based Nubank was founded in 2013 by Colombian David Vélez, Brazilian Cristina Junqueira, and American Edward Wible. The biggest online bank in the world rolled out its first product, a credit card, in 2014. It was the only financial product that they could launch at that time as they couldn’t acquire a banking license in Brazil because the law was barring foreign bank ownership. This was the perfect entry into the lucrative Brazilian banking market as credit card interest rates were up to 400% a year at the time. It was easy for them to lure in new customers with invitation-only applications and by offering a credit card without any fees that you could apply for online and get in only two days.

By 2016, Nubank already had 1 million credit card customers with hardly any money spent on marketing. The company did not received its full Brazilian banking license until May 201, by presidential decree. Many digital banks and e-commerce stores saw a big surge in applications and sales during the pandemic and Nubank was no exception as its revenue nearly doubled, to $963 million in 2020.

The São Paulo–based Nubank now has around 35 million customers and has raised a total of $1.5 billion with its latest funding of $400 million on Jan 28, 2021, from a Series G round. This puts the company at a $25 billion valuation making David Vélez, Nubank’s founder and CEO a cool $5.2 billion with a 23% stake in the company. Of course, Nubank isn’t sleeping on piles of cash, it started rapidly expanding across Latin America starting in 2019 with Argentina and Mexico and moving into Vélez’s home country of Colombia in 2020.

They have no plans of expanding to the (over)crowded US market at the moment although they might take Nubank public there. All of this is easily making Nubank the biggest digital bank in the world with more than $10 billion ahead of the number two on the list.

2. Chime Chime is the most valuable American Fintech start-up serving retail consumers, was founded in San Francisco in 2013 by Chris Britt who is still the company’s CEO, and Ryan King (CTO).

Founded in 2013
Based in San Francisco, USA
CEO Chris Britt
$14.5 billion valuation
$1.3 billion raised (last one at $485 million in September 2020)
Retail
12 million customers

The company was launched in 2014 with a Chime credit card with a guaranteed $5,00 spend and has grown fast to become a leading 'challenger bank' with the most online users in the US market, with 12m customers and a 50% growth through the pandemic. The bank focuses on US residents who earn between $30,000 and $75,000 a year that have recognized that they can save significant amounts of money with a digital bank that has no fees. According to the CEO the bank is “more like a consumer software company than a bank,” that mostly makes money when customers swipe their debit and credit cards.

This is in contrast to big banks that make most of their money on fees, penalties, and loans. Chime overtook the trading platform Robinhood as the most valuable US consumer Fintech when it raised $485 million in Series F in September 2020 at a $14.5 billion valuation.

3. SoFi Sofi, which stands for Social Finance, was founded in San Francisco in 2016 by four Stanford business school students; Mike Cagney, Dan Macklin, James Finnigan, and Ian Brady.

Founded in 2011
Based in San Francisco, USA
CEO Anthony Noto
$9 billion valuation*
$3+ billion raised (last one at $369.8 million in January 2021)
Retail and business
7.5 million customers (card and loan)

Their first product was a loan program – a two million dollar pilot at Stanford that was all about connecting recent grad students with alumni. Today, SoFi is engaged in everything from mortgages to credit cards, to trading fractional shares and cryptocurrencies on its platform. In October 2020, SoFi secured conditional approval to establish a full-service national bank. SoFi is expected to go public via Chamath Palihapitiya’s SPAC Social Capital Hedosophia Holdings Corp. V. and will be valued at nearly $9 billion after the deal.

Palihapitiya commented that, “SoFi’s innovative, member-first platform has demystified financial services for millions of Americans and simplified the process for those looking to apply for loans, invest their money, obtain insurance and refinance their debt, among many other tasks that were previously arcane and needlessly complicated... SoFi has said they will be merging with a SPAC in order to go public at a $9 billion dollar valuation at the end of the first quarter of 2021.

4. Tinkoff Moscow-based Tinkoff Bank was founded in 2006 as Tinkoff Credit Systems by entrepreneur Oleg Tinkov who invested around $70m in the project. It rolled out its first credit cards in 2007 and attracted attention from big-shot investing firms like Goldman Sachs.

Founded in 2006
Based in Moscow, Russia
CEO Oliver Hughes
$17 billion valuation
$1.6 billion raised ($1.1 billion IPO in October 2013)
Retail and business
13 million customers

Tinkoff re now the second-largest credit card issuer holding 14% of Russia’s credit card marketfollowing the saw the launch of their mobile banking platform in 2011and after raising $90 million in 2012, they were ready for IPO on the London Stock Exchange that brought in a further $1.1 billion. The company finally rebranded to Tinkoff Bank in 2015 and is probably the only challenger bank that has been consistently profitable since its early days in 2009.

It’s now offering so many services that it’s dubbed the online financial supermarket. Some of its products include a mobile network, insurance, banking, investments, travel, and loyalty programs. Tinkoff bank has won Global Finance’s Digital Bank Awards 2020. It too profited from the pandemic as its customer base grew by 3 million users to 13.3 million in 2021.

5. Revolut Fintech startup Revolut was founded in 2015 by Nikolay Storonsky and Vlad Yatsenko and was originally based in the well-known Level39 incubator in Canary Wharf. It is still headquartered in London.

Founded in 2015
Based in London, England
CEO Nikolay Storonsky
$33 billion valuation
$916 million raised (last one at $580 million in May/July 2020)
Retail and business
15 million customers

Since its beginnings as an app and a prepaid card, Revolut has became a household name by enabling people to spend abroad without paying high foreign exchange fees. This launched them into the digital banking stratosphere as it became the UK’s first digital bank unicorn in April 2018. It has since expanded all over Europe and further to Australia and Singapore in 2019 and they launched services to US customers in 2020.

Like Tinkoff, Revolut is trying to offer a comprehensive financial app that will offer its users the ability to sign up for a plethora of banking, insurance, travel, and investing tools. Alongside dedicated investing apps like Robinhood, Revolut has popularised investing in stocks, commodities, and cryptocurrencies. Revolut has now over 15 million global users and is valued at $5.5 billion. 2020 was a big year for them, as it was for other neobanking companies, as Revolut raised 580 million dollars that they will reportedly use to focus on improving its platform for existing users as well as revenue.

6. N26 N26 was founded in 2013 by Valentin Stalf and Maximilian Tayenthal as Number26, referring to the 26-sided Rubik’s Cube. It has since been rebranded as N26 Bank since it received its banking license in 2016.

Founded in 2013
Based in Berlin, Germany
CEO Valentin Stalf
$3.5 billion valuation
$819 million raised (last one at $30 million in February 2021)
Retail and business
7 million customers

N26 launched with only an app and a debit card.Before gaining its full banking license in 2015. By 2021 the company just reported their 7 millionth customer across 25 markets in Europe and the US and has aised more than $800 million to date, from investors including Chinese technology firm Tencent and billionaire investors Peter Thiel and Li Ka-Shing. N26 left the UK market in 2020, blaming Brexit, although the company struggled to acquire a meaningful number of customers there. The bank is set to hire 200+ people in 2021 and perusing acquisitions of companies that will further fuel their organic growth. N26 is going to expand into Brazil where it has acquired a banking license.

7. MoneyLion MoneyLion was founded in New York City in 2013 by Wall Street investment bankers and tech specialists Dee Choubey, Chee Mun Foong, and Pratyush Tiwari.

Founded in 2013
Based in New York City, USA
CEO Diwakar Choubey
$2.9 billion valuation*
$227 million raised (last one at $100 million in July 2019)
Retail
7.5 million customers

MoneyLion began by firts offering lending and investment services and financial advisory to consumers. It later started offering digital banking services too. By 2019, it had an all-inclusive subscription bundle that included a checking account and a Credit Builder Plus membership with managed investing and cash advances priced at $19.99 per month. As of July 2020, MoneyLion has unbundled its offerings making it easier than ever for users to avail of its checking account or investing for example.

Since its launch in 2013, MoneyLion had 7.5 million users and has earned its members’ trust by building a full-service digital platform to deliver mobile banking, lending, and investment solutions.

8. C6 Bank This Brazilian startup was founded only in 2018 by Marcelo Kalim, Leandro Torres, and Carlos Fonseca, former BTG executives with the goal to emulate the success of Nubank.

Founded in 2018
Based in Sao Paulo, Brazil
CEO Marcelo Kalim
$2.1 billion valuation
$269 billion raised (last one at $252 million in December 2020)
Retail and business
4 million customers

C6 has had two rounds of investment for a total of $269 million. C6 has grown quickly by acquiring the payment company PayGo and the exchange platform Besser Partners in 2018, as well as the payment solution provider Setis and insurance distributor Som.us in 2019. C6 Bank has headquarters in São Paulo, a bank in the Cayman Islands, a brokerage in New York, and another one in São Paulo. It is set to expand its 1,400 employees and 325 business consultants.

With around $930 million in assets and a credit portfolio of around $700 million, C6 is expected to achieve profitability in 2021, as it prepares for listing on the Brazilian stock exchange.

9. Monzo One of the earliest digital banks to hit the UK, Monzo was founded in 2015 by Tom Blomfield, Jonas Huckestein, Jason Bates, Paul Rippon, and Gary Dolman under the name Mondo. The group of founders were all former Starling Bank executives.

Founded in 2015
Based in London, England
CEO TS Anil (UK), Carol Nelson (US)
$1.6 billion valuation
$595 million raised (last one at $69 million in February 2021)
Retail and business
5 million customers

The digital banking app set a record in 2016 when it raised £1 million on the equity crowd-funding platform, Crowdcube and by 2018, Monzo had reached one million customers with the total number of customers which has since grown to almost 5 million. Founder Blomfield later stepped down as CEO and Carol Nelson, who previously spent 10 years as CEO of Cascade Bank, was appointed the CEO in February 2021.

Monzo's progress has not been smooth, reporting an annual post-tax loss of £113.8 million in 2020. They also had to furlough and lay off staff, and close their Las Vegas office. All of this made Monzo’s valuation drop from $2.6 billion in 2019 to $1.6 in 2020 with another one of the founders dropping out. However, Monzo is still considered to be a serious competitor in both the UK and US markets.

10. Judo Bank Australian digital challenger and their newest unicorn, Judo Bank, was founded in 2016 by David Hornery and Joseph Healy who also serve as co-CEOs. Judo got its banking license in 2019 and started out by focusing on Australia’s SMEs but is now also offering term deposits to regular Australians.

Founded in 2018
Based in Melbourne, Australia
CEO David Hornery and Joseph Healy
$1.6 billion valuation
$1.7 billion raised (last one at $216 million in December 2020)
Business
10, 000 customers

From the challenger banks on this list, Judo has the least number of customers, standing at around 10,000 and that’s because they aren’t focusing on the retail segment. The business sector is very lucrative and tenjoys strong investor support. The bank has a recent valuation of $1.6 billion, an increase of 60% from its valuation a year ago.

Attacks On Financial Services

Financial services such as banking, credit unions, credit card companies, insurance companies and investment firms are entrusted with the personally identifiable information (PII) of their customers and clients. This information includes home address, Social Security number, banking details, phone number, email address, and income information.

The high value of this data on the Darknet makes this sector an attractive target for cyber criminals.

Cyber criminals are targeting financial institutions. The Securities and Exchange Commission, Equifax, HSBC, Lloyds Banking Group, JPMorgan and countless other lesser-known financial institutions have all come under attack. Overall, financial firms are 300 times more likely to be targeted than other companies. Across the financial services, it is banks that are the largest segment cyber incident data, representing 40% of the records.

Out of financial services organisations, banks saw more Denial of Service (DoS) attacks (41%), which is five points above the average of 36%. However, they also saw fewer password login attacks (41%), which was five points below the average of 46%. One possible reason for this is that banks have better antibot controls in place, which mitigate password login attacks, and thus see fewer attacks than the average financial organization. Web attacks make up 6% of the reported bank security incidents, which is on par with the average.

Researchers at ThreatFabric have reported that they have discovered a new banking trojan being sent out by the same cyber criminals that less than two years ago distributed the damaging smishing campaign called Cabassous, also known as FluBot. This new malware variant has several of the same distinctive features as the FluBot trojan. In January 2021, the Threatfabrics' research team also identified Anatsa, a more powerful and pernicious trojan than FluBot.

The growing number of cyber attacks against financial services companies is a reflection of how this sector has turned to technology to solve many of the problems it faces. To increase market share, many financial institutions rely on big data. Tapping into social media, consumer databases, and news feeds can help financial firms better understand their customers and attract new ones.

The inherent risks associated with technology create pressure on the education and training sector to supply produce enough highly skilled cyber security professionals in the race to stay on top of cyber threats and the financial industry suffers a chronic shortage of empoyees with the right cyber security skills. The University of San Diego says, “While financial institutions know security is an issue, many of them aren’t prepared and don’t know how to combat the increasingly sophisticated tactics of cyber criminals.

As RSA has explained, “Recent surveys paint a picture of an industry that sees the writing on the wall but often finds itself working with the technological equivalent of whiteout.”

Cyber Security In The Financial Services Industry

The financial services industry needs more qualified cyber security professionals. All business sectors struggle with the current cybersecurity skills shortage, but financial services companies are often high profile targets and must be particularly vigilant when it comes to cyber security. As the gatekeepers of valuable customer PII, financial institutions are subject to an ever-increasing number of cyber security rules and regulations. With pressure from regulatory agencies and the need to protect brand reputation, financial firms are motivated to provide significant investment and collaboration to improve cyber security preparedness, response, and resiliency across the sector.

There are two types of financial services companies. Those that have experienced a cyber attack and those that will experience one in the future.

Financial services companies face a major challenge in protecting customer data and many have experienced multiple breaches. In the decade from 2009 through 2019, some of the most recognisable names in this sector were breached on more than one occasion. American Express and SunTrust Bank were breached five times, and Capital One and Discover were breached four times each during this period.

According to the IBM Security Cost of a Data Breach Report, in 2019, the average cost per breach within financial services was $5.86 million. This cost per breach is second only to the healthcare industry and is nearly one and a half times that of the public sector.

Hacking and malware are the leading causes of data breaches in financial services. However, insider threats and accidental disclosures are both growing. Rising cloud adoption is expected to increase these threats over the next several years. Commonly accepted statistics for this sector indicate that 75 percent of breaches involve hacking and malware, 18 percent accidental disclosure, 6 percent insider threats, and 2 percent physical breaches. Consumers have little direct risk from cyber attacks on financial institutions. As long as they use reasonable safeguards to protect their information, consumers are protected by US federal law that requires banks to refund customers if they notify the bank within 60 days of an errant transaction appearing on their statement.

In the US, banks have only limited support from the Federal government. The US Department of the Treasury’s Financial Stability Oversight Council is charged with monitoring the stability of the national financial system and critics claim that this council is not doing enough to plan for cyber attacks that may threaten the solvency of major banks. In particular, the increasing use of rented cloud data servers has a corresponding impact on data security.

Capital One Breach

A case that illustrates the security complexities added by incorporating third-party servers in an organisation’s computing infrastructure is that of the massive data breach suffered by Capital One in 2019. Fox News reported, “Authorities claim a Seattle software engineer was responsible for the hacking of Capital One and obtained the personal data of over 100 million people in what appears to be one of the biggest breaches of a big bank in history.” The suspect, Paige Thompson, 33, was apprehended in Seattle after carelessly leaving clues about the breach on the Internet and social media sites. According to the US Attorney’s Office, “Thompson posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data. The intrusion occurred through a misconfigured web application firewall that enabled access to the data. “On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI.”

The Fox News report said, “A Capital One source told Fox News that the 100 million people affected by the hack include every existing customer, every previous customer and anyone who’s ever applied for a Capital One card.” Brian Krebs, a leading cyber security researcher, said “data included approximately 140,000 Social Security numbers and approximately 80,000 bank account numbers on US consumers, and roughly 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.” Krebs quoted Ray Watson, a cyber security researcher at cloud security firm Masergy, “The attacker was a former employee of the web hosting company involved, which is what is often referred to as insider threats,” Watson said. “She allegedly used web application firewall credentials to obtain privilege escalation. Also, the use of Tor and an offshore VPN for obfuscation are commonly seen in similar data breaches.”

At the time of the breach, Thompson was employed as a software engineer at Amazon and Capital One’s data was hosted on a server rented from Amazon.

Malicious behaviour by insiders, such as was the case here, is more difficult to control when data is hosted on a third-party server. Financial services companies, like many other firms, find it economically beneficial to outsource computing infrastructure. This additional complexity increases pressure on security teams to find solutions that mitigate insider threats and include their rented cloud infrastructure.

Regulation & Compliance

Today’s world is rife with complicated and sophisticated schemes to steal money. Nothing is quite as appealing to the criminal mind than to electronically divert funds from someone else’s account into one they control. As attacks increase, regulators take notice and take measures to increase the pressure on the industry to find solutions.

Regulatory and compliance requirements are, at once, a significant challenge for the financial sector and the single most important reason that consumers trust the industry with their money.

According to the financial audit firm KirkpatrickPrice website in just the last two years, and in addition to existing cyber security regulations, the financial industry has had several additional regulatory oversight requirements:

New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 of Title 23.

US Securities and Exchange Commission (SEC) issued interpretive cybersecurity guidance.

National Cybersecurity Center of Excellence (NCCoE) released the NIST Cybersecurity Practice Guide.

24 US states passed bills or resolutions related to cyber security.

Third-party vendors are a big part of the financial sector and the industry comprises multiple business partners working together to provide the appearance of a cohesive set of services. Managing vendor risk is a critical challenge the financial services industry faces. Behind the scenes at every large well-known financial service provider are many smaller companies providing a myriad of business services. The process of vetting, auditing, and managing each of these companies introduces additional cyber risk to the equation.

More and more consumers demand cashless and frictionless financial services. They want apps that are easy to access, yet secure. They want to send and receive funds electronically with just the click of a button but need those transactions protected against attacks. It can be a challenge for financial services companies to keep abreast of the latest in computer and application security technology, this all fuels the industry’s need for highly skilled security professionals.

Cyber Security Solutions For Financial Services

The financial industry struggles to keep pace with technological innovation. Legacy systems that would be costly to replace, while only an inconvenience to customers, may pose a significant threat to financial institutions. Hackers often benefit from new technologies that make it easier to attack legacy systems. As an example, many financial institutions have not yet instituted two-factor authentication (2FA). For banks, 2FA is most commonly accomplished when a bank sends a temporary code to the customer’s cell phone, which is needed to log into their account.

In this scenario, the hacker would need to have access to both the computer or account credentials and the cell phone. Several banks don’t use 2FA for account login. The reason most often cited is that their customers find 2FA inconvenient. To make possible the convenience customers demand, firms must employ the latest in computer science technology. App and software developers are under pressure to improve the customer experience, and security sometimes lags in the development process.

Security professionals with the latest programming and security skills are needed to effectively sustain a DevSecOps environment where the responsibility for security is shared across all aspects of development and operations.

Building on a paradigm that there is an infinite number of illegitimate or malicious behaviours that bad actors can employ to attack a target but a finite number of legitimate activities that should be allowable on financial systems, companies, such as Nyotron, have developed methodologies for protection against even zero-day exploits.

These new O.S. centric technologies act like a white list of acceptable behaviour and prevent all system behaviour that does not follow a prescribed set of functions in a reasonable sequence. This method prevents behavioural anomalies and as a consequence, many cyber attacks.

Financial services leaders must recognise that hackers will always find ways to exploit vulnerabilities.

These vulnerabilities may be in computer systems and networks, or they may be in processes and procedures. Constructing a tech firewall is just the first line of defence. Study after study shows that the weakest link in cyber security is human behaviour. Social engineering is a favourite tool for cyber criminals. Phishing emails have, for decades now, opened the opportunity to download malware.

Social media platforms are being used with increased frequency as the tools of choice for cyber criminals attempting to find information that can be used to groom or leverage employees of financial institutions. After building a relationship with or exploiting an employee at the targeted organisation, scammers begin to exert pressure to gather credentials or other sensitive information to allow the installation of malicious software.

Many financial institutions find value in creating internal or hiring external penetration teams. Red team, blue team exercises can expose cyber vulnerabilities while providing invaluable training for the internal cyber defenders.

Conclusion

Second only to healthcare in the hierarchy of most cyber security attacks, the financial industry is the target for cyber criminals attracted by the sensitive data that banks hold about their customers. Regulators keep a watchful eye on cyber events in this sector and stand ready to apply evermore onerous rules and regulations. Customers expect a seamless, frictionless, cashless experience using the Internet and mobile apps. And, like all industries, financial services suffer from the global cybersecurity skills shortage.

These facts culminate in what could be termed the perfect storm of conditions for cyber threats. Under the prevailing conditions, this sector should be applauded for providing a level of protection that most customers find acceptable. However, many fear that the underlying costs of compliance and resilience may, in the end, be too much for some financial service providers. If this happens, only the largest may survive, decreasing competition in the sector. This does not bode well for consumers in the long run.

The traditional retail financial services market is ripe for innovation that will transcend the current conditions and provide a more secure method of providing financial transactions securely.

IT defences continue to evolve, but attackers do not give up, they adapt. Better employee cyber security training, a growing cyber workforce, greater investment, and new technologies have given financial institutions more tools to defend their networks. However, attackers continue to find new ways to cyber attack, and law enforcement’s capacity to bring attackers to justice remains currently out-dated and very limited and so organisations must take cyber security as top of the strategic and practical action list.

References:

F5 Labs: Techcrunch: Capital Banking: CSIS: CSIS: Cyber Security Guide:

University of San Diego: SC Magazine: Threat Fabric: KirkpatrickPrice: IBM:

US Dept. of Justice: KrebsOnSecurity: SEC:

For information & recommendations on cyber security training, please Contact Cyber Security Intelligence.