How financial advisers can up their cyber security game

The Australian financial industry can ensure better improvement in financial security systems by prioritising (and maintaining) strong cybersecurity defences regardless of whether the workforce is in the traditional office setting or in a remote environment. And for financial advisers, the right formulation of cyber technology, solutions, and education is the silver bullet to making that happen.

Recent findings have indicated that so far, the dominant themes of 2020’s threat landscape have been cybercriminal’s quick adaptation to exploit the pandemic. What started as a trickle of phishing campaigns and the occasional malicious app swiftly turned into a surge of malicious URLs and capable threat actors.    

Cybercriminals are leveraging the world’s desire for more information on COVID-19 as an entry point into systems across the globe—and this is of great concern to all industries, including the finance sector. McAfee’s latest Quarterly Threats Report found that attacks targeting the financial sector increased by a concerning 32 percent. McAfee saw an average of 375 new threats per minute and locally, disclosed incidents targeting Asia-Pacific increased by 27 percent. With this in mind, and following the release of the Notifiable Data Breaches Report for January–June 2020, which revealed finance is the second-highest reporting sector, the finance sector is facing a very hyperactive threat landscape that’s showing no signs of slowing down.

The finance sector is at risk of being infiltrated by cybercriminals using COVID-19-themed ransomware, scam URLs and spam designed to lure remote workers into mishandling external engagement and clicking on a malicious link, downloading a file, or viewing a PDF. For those in the finance sector, clicking an unverified linked or opening a malicious attachment can invite malware and breach internal corporate systems—which is incredibly concerning for the finance sector which deals with highly sensitive data and financials.

Organisations in the fin services sector deal with critical, high-stakes information and funds, so it’s important to defend against the surge of cyber threats with data protection solutions that are capable of preventing intellectual property and other forms of sensitive data from being stolen or compromised. 

The enterprise perimeter has not only expanded but pushed the services on edge to anywhere the business takes you – or employees choose to go. To address this, organisations must up-level how they protect cloud based apps, data, and services. A ‘Unified Cloud Edge’ or ‘Cloud Access Security Broker solution’ is an essential piece of armoury to protect both mobile and traditional devices from these threats.

Here are my four practical ways leaders in the financial space can combat cybercrime:

1.      Implement a shared responsibility model: It’s far too easy to assume that security is the sole responsibility of the cloud service provider or institution. In reality, it’s the responsibility of everyone involved – including the financial institution. In each public cloud service type (such as Software-as-a-Service), the cloud provider and customer share different levels of responsibility for security. According to Gartner, through 2025 at least 99 percent of the cloud security failures will be the customer’s fault. Therefore, the onus is squarely on financial institutions to minimise the risk of cloud misconfigurations and manage how employees access and handle sensitive data.

2.      Invest in cybersecurity training: Every employee represents an opportunity for cybercriminals to infiltrate internal systems, which is why financial institutions must implement rigorous cyber training and education for all levels of the business. With remote working conditions in full swing, this is even more crucial to prioritise. From the basics about phishing emails to identifying malicious URLs, leaders in the financial space are encouraged to enhance the knowledge about not only the cyber risks of today but introduce practical ways to stay secure.

3.      Take a holistic approach to your organisation's cybersecurity: With cybercriminals exploiting new entry points every day, leaders in the financial space must be thinking holistically about their cyber strategy. From data governance, to cloud security, and applications, consider each aspect of your business model, operations, and technology that drive you forward, and ensure your cyber strategy covers all bases.

4.      Think about the threats of tomorrow: The type of cyber threats hitting the financial industry is evolving, so leaders must also consider not just the typical cyber threats of today, but think about what’s new, trending or developing in the market. For example, McAfee found that new coin-mining malware increased by 26 percent, so leaders must think about how they secure the future of cryptocurrencies.

To prepare post-COVID-19, the combination of the right skills, solutions, technology, cyber awareness and education, and commitment to building a strong culture of cybersecurity will be the best way forward for the Australian financial sector. A strong culture of cybersecurity will enable cyber resilience—and this is an organisational capability, not a technological one. 

Cyber resilience enables businesses to move from trying to avoid attacks, to a position where they are able to mitigate downtime and keep the wheels churning in the face of an attack. Maintaining a proactive security posture and future-facing mentality is the bedrock to a cyber-resilient organisation—and this should be the goal for financial institutions.

Joel Camissar, Regional Director of MVISION Cloud Asia Pacific, McAfee