3 Ways A Security Risk Assessment Can Protect Finance Firms
April 2, 2020
If your business involves managing other people’s money, investments, real estate, or insurance, buckle up. The financial sector is a juicy target for hackers, and your security risk assessment may be suffering. In 2017 alone, the number of cybercriminal attacks on financial firms grew 70 percent, according to Market Expertz data.
Additionally, a Deloitte survey of 51 U.S.-based CIOs of financial firms found that most believe they’re not spending enough on security, especially when it comes to initiatives to improve company culture regarding cybersecurity. Every business faces endpoint security risks, but the top threats vary across industries. This is just one of the many reasons why a security risk assessment was an essential security budget item for 2019.
A recent industry threat analysis revealed finance and banking firms faced 40,000 distinct examples of Trojan botnets and new physical tampering risks, like ATM jackpotting. To establish a system for dealing with threats like these, think like a hacker and don’t overlook a single endpoint in your network.
3 security priorities for the finance industry
1. Advance authentication measures
Everyone has recycled a password at some point. The average adult has to remember passwords for 92 different accounts, according to Ricardo Villadiego of Forbes, which is why hackers love to reuse and recycle passwords between data breaches.
“The password was never really intended to be the backbone of a robust cybersecurity strategy; it was created more than a minor deterrence to accessing sensitive data,” writes Villadiego. And when you’re dealing with other people’s money at a financial institution, the stakes are too high to protect your sensitive assets with a “minor deterrence” that can easily be cracked with brute force or a phishing attack.
Authentication has evolved to include newer methods of user verification. Users hate friction, but you can keep the bad guys out without annoying your users or leaning too heavily on username-password combinations. A security assessment may reveal use cases for biometric authentication or passwordless authentication methods that could be built directly into endpoints. HP’s Printer Software Solutions protect sensitive data with several passwordless authentication methods that can integrate with your Active Directory, including PIN, LDAP or Kerberos authentication.
2. Empower and educate employees
The biggest, riskiest endpoint on your network is the human user, HP Head of Security Michael Howard often notes. Among industries, healthcare faces the single highest rate of cybercrime due to human mistakes, but financial services have their own unique human risk factors.
When you’re dealing with strict regulatory requirements, there’s more room for error. According to one analysis by Buguroo, the financial industry may even attract a relatively rare form of internal threat: employees who act with deliberate malicious intent to steal financial data.
Solid analytics systems are crucial to understanding any internal or external threats facing your organization. Employee education is also key to making sure all end users are acting safely and responsibly. The Deloitte survey of finance CISOs emphasized that the goals of education programs should include:
Empowering all employees to understand their roles
Reporting red flags
Maintaining strong security hygiene, and
Limiting damages when incidents occur
3. Strengthen endpoint security
Mobile, cloud, and analytics development are the top three priorities for finance CISOs between 2019 and 2021, according to the Deloitte survey—especially with respect to integrating these items with their cybersecurity systems. These plans are highly advisable, as hackers love targeting endpoints in the financial sector with DDoS botnets and physical tampering, and the smartest first line of defense would be to adopt smarter endpoints with greater protections.
Performing a security risk assessment can reveal the true weaknesses in your network and allow you to upgrade wisely to endpoints that are engineered to think like a hacker. HP offers printing and workflow solutions designed specifically for the financial sector that simplify the complex task of cybersecurity with embedded features that can help businesses detect and measure threats, as well as self-heal.
Smarter endpoint security for finance
Is the finance industry doomed to experience expensive hacks in 2020? Definitely not. Think like a hacker and strengthen your authentication methods, cyber defense knowledge, and network security by moving beyond passwords, investing in education, and upgrading to secure endpoints. Reach out to Managed IT at Novatech for a complimentary assessment.