As our economy embraces digitalization and countless connected devices accompany us in our professional and private lives, cybersecurity has become a key challenge, especially for the financial sector. Thus, it is appropriate that a major topic at this year’s Frankfurt Finance Summit, titled Europe Reloaded – Challenges for the Financial Sector, will focus on cybersecurity and innovation. Data breaches and cyberattacks can potentially result in millions in losses and severely damage brands. In February 2016, cyber criminals attempted to steal $951 million from the Bangladesh Bank and succeeded in absconding with $101 million. Beginning in 2015, Kaspersky Labs reported that the Carbanak group had infected computers in more than 100 financial institutions, allowing them to manipulate account balances, transfers and remotely control ATM machines resulting in the theft of up to $1 billion (Kaspersky Labs CEO, Eugene Kaspersky will be delivering a keynote at this year’s Frankfurt Finance Summit). These cyberattacks on organisations and governments are growing rapidly in both complexity and frequency, challenging them to re-evaluate their approach to safeguarding against cybersecurity threats.
Theft of funds are not the only tangible costs of an attack. Data breaches can endanger customer data, trade secrets, industrial equipment and even personnel. Cybersecurity Ventures’ analysts estimate that Cyber Crime cost $3 trillion in 2015 worldwide and expect these costs to rise to $6 trillion by 2021. Considering these massive costs, addressing these threats has become regular discussion in board rooms across the world. The same Cybersecurity Ventures’ analysts report that $120 billion will be spent in 2017 on cybersecurity products and services and expect this spending to exceed $1 trillion cumulatively from 2017 to 2021. Due to increasingly complex attacks and levels of interconnectivity of business processes, just a strong castle wall no longer offers the necessary protection.
Cameron Brown (@AnalyticalCyber), a trusted cyber defense advisor and information security strategist who consults for the risk advisory practice of EY across Germany, Austria and Switzerland. He explains that there is a paradigm shift occurring within corporations as “security incidents and data breaches are literally decimating consumer trust, irreparably damaging brands, and causing stocks to plummet overnight.” Companies who recognize this new reality are making massive investments in Security Operations Centres and Threat Intelligence to enhance early detection and proactively identify vulnerabilities. Brown observes that “boards are increasingly receptive to adopting holistic strategies to secure their informational assets. In-house security teams are being equipped with tools to enable greater visibility across the environment and foster more effective collaboration when responding to security incidents globally.” Per Brown, the risks associated with third party providers are recognized as a significant source of vulnerability. He adds that “organizations seeking to maintain their competitive edge in the market are investing in technology to detect and deflect external threats and developing the resiliency of their people to withstand and eradicate threats that have moved inside the enterprise.”
Cybersecurity is especially relevant for FinTech
Considering the tens of millions of transactions, trades, and sensitive data transferred every day, the cybersecurity challenges for the financial sector are immense. At the same time, digitalization is occurring at an unprecedented pace. Reconciling cybersecurity concerns with new, innovative applications and systems can be an especially formidable undertaking. Utilizing third-party applications and services is a common practice and these integrations can introduce potential vulnerabilities into an environment. These concerns are particularly relevant for FinTech companies whose applications are often connected through banks’ APIs. Brown says, “some players are contentiously baking robust security into their solutions, whilst others are falling short of the mark. The development lifecycle is aggressive, expansive, and highly dynamic.” The senior advisor asserts that many products are ill-equipped to withstand targeted and persistent cyberattacks; and maintains that “innovators and entrepreneurs must reprioritise security to avoid short-sighted pitfalls associated with rushing to market without sufficient product testing and evaluation.”
However, some FinTechs are also contributing to improving cybersecurity, like 2016 Golden Garage winner, WebID Solutions, who facilitates secure online-identification. Brown notes that “ongoing and proactive dialogues between entrepreneurs and regulators are critical for cross-pollinating awareness and engendering understanding of the technologies which underpin FinTech solutions and give rise to security vulnerabilities.” The cybersecurity expert explains that this collaboration also informs the development of measured regulatory frameworks which serve to enhance rather than thwart creativity and resourcefulness. “Open channels of communication can also benefit entrepreneurs by assisting them to forestall issues concerning privacy, consumer protection and the impact of trans-border complexities,” explains Brown. He strongly urges that before going to market, FinTech firms perform thorough risk assessments of their data protection needs, with emphasis on confirming where data resides and charting the course through which their data flows, including third-party facilities.
Staff and business units act as the first line of cybersecurity defence
As corporations invest in technology and human capital to mitigate and minimize potential risks, it is important to communicate with employees on how they can make a difference. Cameron Brown explains that a fundamental hurdle many organisations face is raising security awareness among staff and leadership. “The CIO is the lynchpin who must help the organization to navigate the threat landscape and leverage data movement to maximise revenue. To accomplish this task, CIOs need a multifaceted skillset to ingest operational, legal, regulatory and compliance issues which impact both IT and business environments. CIOs must predict threats and champion the implementation of new risk models.” In organisations, large and small, educating staff on potential dangers they may encounter daily could help prevent costly intrusions. Brown adds that cyber security is a whole-of-business issue which mandates a whole-of-business approach. He emphasises that “security awareness and training initiatives for staff, including exercising business continuity plans, are vital components to empower staff and business units, who are the first line of defence.”
At this year’s Frankfurt Finance Summit, the second panel and keynote by Eugene Kaspersky will focus on Cybersecurity and Innovation. Joining Kaspersky on the panel chaired by international economist Cornelia Meyer will be Felix Hufeld, President of BaFin, Andreas Dombret, Deutsche Bundesbank Executive Board Member, and Daniel Domscheit-Berg, author and former WikiLeaks spokesperson.