Cyber security trends in the Financial Sector

This article was originally published by Global Banking & Finance Review.

 

Companies in the financial sector see the network as a significant security threat.  It’s easy to see why, with both banking and financial services (FS) businesses suffering a huge number of security incidents in the last 12 months – including multiple DDoS attacks – often accompanied by ransom demands and extortion.  No doubt, because of the scale of such threats, the cost of securing the network is by far the biggest security outlay that financial sector organisations must absorb.

Covid-19 appears to be a significant driver of change, sparking a sharp increase in security incidents. It seems likely that the wide adoption of remote working practices during the pandemic has enabled cyber criminals to mount opportunistic attacks. The crisis has left leaders feeling more vulnerable and they are investing more heavily in network security as a result.

In Telia Carrier’s latest research of the banking and financial sector, we spoke to business decision makers in over 130 organisations in the UK, US, Germany and France about their cybersecurity concerns and priorities.  It highlighted several interesting findings including fundamentally that 39% of financial services leaders consider the overall network security threat to be significant. While systems and applications are a marginally higher concern, this could be because they are a critical component of modern banking and trading platforms. Banking leaders (34%) say that they are most likely to be kept awake at night by concerns about logical security, versus 23% of financial services leaders.  Worries over physical network security are similarly elevated in both areas.

It is, perhaps, no surprise that leaders have these concerns when 92% report that they have dealt with over 100 network incidents in the last 12 months – a staggeringly high number.  This is happening despite 41% stating that their biggest cyber investments are in securing the network. The implication of this is that greater work needs to be conducted by financial services and banking organisations when it comes to their assessment of the security services in which they invest to reduce the number of incidents they fall victim to.

The Covid-19 effect

The Covid-19 pandemic has seen a sharp increase in security incidents, leaving leaders feeling more vulnerable and investing more heavily in network security.  58% of financial services companies, compared with 38% of banking organisations, experienced more security incidents through the Covid-19 pandemic, suggesting that financial services companies have been a greater target.  Understandably, this has left nearly half of leaders (48%) feeling more vulnerable to security threats, and 61% have subsequently increased their investment in network security because of the pandemic.

DDoS remains king

DDoS attacks are having a major impact on organisations with 72% reporting that their company has experienced one in the last 12 months and 76% stating they consider it a significant and ongoing threat to their business.  The threat, of course, is not simply the attack itself but the trust lost, financial cost and reputational damage caused.

Where historically some of these attacks were conducted by groups across a range of industries for the ‘glory’ or driven by hacktivist interest, it has become much more common for them to be driven by financial gain.  57% of business leaders say that they have experienced a DDoS ransom or extortion attack in the last 12 months.  Such attacks were more common in financial services where a sizeable 67% had been targeted, compared with 46% of Banking organisations.  14% say that DDoS attacks have posed such a serious threat that they could have undermined their business’s ability to continue.

How can leaders move forward?

We have only discussed some of the highlights of the research here, but overall the research implies that financial services leaders should take account of several key issues when considering enterprise and network security.

While greater investment in cyber security is clearly important, ‘throwing money’ at the issue is not a solution in itself.  It is critical that FS leaders maintain an accurate and up-to-date picture of the threat landscape and target security investments where they are most needed.

Organisations need to evaluate potential security threats throughout their entire ICT ecosystem to combat the growing severity and unpredictability of evolving threats in an increasingly digitalised (and distributed) business environment.

In seeking protection, leaders cannot afford to overlook the risks faced in their core network and should give careful consideration to their choice of network services provider.  In particular, leaders need to consider the following when reviewing their future network cybersecurity needs:

  • The lessons of the Covid-19 pandemic when scaling up their security programs to take account of the constantly evolving (and unpredictable) nature of threats.
  • Business-specific threats – how are cybercriminals specifically targeting banking and financial services businesses and where should the focus on mitigation be?
  • The geographical threat landscape – what are the main threats and vulnerabilities within the geographies in which they operate?
  • The physical security (and potential suppliers) of their own networks and that of suppliers providing underlay – businesses need to look beyond logical connectivity and demand full transparency from their suppliers regarding the resilience of physical network assets throughout the extended supply chain – including their hardware vendors and data centre partners. They must ensure that their network providers have full visibility (and control) of the underlying network infrastructure.
  • Logical network security across the ecosystem – do potential suppliers take a robust approach to routing security and security within their network production environment?
  • All available DDoS protection options – what are the different services available to banking and financial services enterprises, and which ones afford the best protection for their specific needs? Only half (49%) of respondents in the research consider themselves very familiar with the DDoS protection capabilities of their network service provider, with 35% admitting to being only somewhat familiar.

The cyber security challenge for banking and financial services organisations is evolving:  incidents are increasing and the attacks becoming more aggressive.  All this at a time, when financial services organisations of all types are shifting, along with many other sectors, to an increasingly digital presence that relies on smartphones and cloud services to reach business partners, markets and retail customers.  More than ever before, leaders need to respond to the threat, and make sure they are using the best tools at their disposal to protect their customers and the future of their business.

Mattias Fridström, Chief Evangelist

 

Download the full 2021 Financial Sector Network Security Report.

 

Written by Mattias Fridström

Read more posts by

Related articles

Enhanced DDoS visibility for faster mitigation

DDoS attacks continue to plague the industry, with increased activities reported by all major providers. We are not seeing this trend changing any time soon and continue to witness an increase in threat and sophisticated extortion attacks (read more in our DDoS Threat Landscape Report 2021). With this increased activity, it is natural that customers […]

Bridging The Digital Divide and Expanding The Network

This interview with the 5G Talent Talk podcast, hosted by Carrie Charles, was originally published by RCR Wireless News. Listen to the episode here.    I am thrilled about my guest. I always say this, and I love all my guests, but I’m especially excited because I have Staffan Göjeryd. He is the CEO of Telia Carrier. He is […]

Yet again in Gartner’s Magic Quadrant

Telia, through its networking division Telia Carrier, have once again been recognized in Gartner’s Magic Quadrant for Network Services, Global*. Each year, the analyst and advisory firm evaluates global network providers based on completeness of vision and ability to execute. To be included is a rigorous exercise: service providers need to have a global network […]
Cookies

Cookies allow us to optimize your use of our website. We also use third-parties cookies for advertising and analytics. Please read our Cookie Policy for more information.

I accept all cookies Settings
×
Cookies settings

You can enable and then at any time disable optional cookies by clicking the relevant cookie category you accept or reject. All categories contain cookies which imply data transfer to third parties who may combine it with other information that you've provided to them or that they've collected when you use their services. Further information about this processing can be found in the third party's privacy notice. A detailed description of the cookies we use can be found here. More information about our use of cookies please find in our cookie policy.


These cookies are needed for our website to work in a secure and correct way. These cookies enable you to browse in our website and to provide the service you request. Necessary cookies make basic functions of the website possible, for example, identifying you when you log into My Carrier, detecting repeated failed login attempts, identifying where you are in the buying process and remembering the items put into your shopping basket. Your consent is not required for us to set these cookies however, you may disable them by changing your browser settings, but this will affect how the website functions and some essential functionality may not work.



These cookies provide us with information about how our sites are used and allow us to improve the user experience. There are also features that allow us to remember your settings, such as language selection, addresses, etc.



These cookies help us and our preferred partners to display personalized and relevant ads based on your browsing behavior on our website, even when you later visit other (third parties’) websites. Cookies in this category are used to evaluate the effectiveness of our marketing campaigns, as well as for targeted marketing and profiling, regardless of which device(s) you have used. Information collected for this purpose may also be combined with other customer and traffic data we have about you, if you have given your consent that we may use your traffic data for marketing purpose and have not objected to the use of your customer data for marketing purposes.


Approve and save Go back