Financial institutions spend three times more on cybersecurity than other industries, according to a new report by Kaspersky Lab.
This critical investment in cybersecurity is warranted as cybercrime continues to plague the industry. With record-breaking numbers of data breach events – and the growing sophistication of phishing scams – cybersecurity threats relentlessly target both financial institutions and the accountholders they’re responsible for protecting.
The financial toll of these threats is substantial, to say the least. Last year, the financial services sector incurred an estimated cost of $18.28 million due to cybercrime – significantly higher than the $11.7 million average cost among other industries.
The Kaspersky Lab report also found that financial institutions were actively working to minimize risks. Nearly two-thirds (64 percent) of financial institutions aim to improve their cybersecurity, regardless of the return on investment.
Is an Increased Investment in Cybersecurity Enough?
This determination to outspend on cybersecurity has been the standard for some years. But it’s not without its caveats:
A recent report by Accenture found that overconfidence is alarmingly prevalent within the industry. Nearly 4 in 5 security executives expressed confidence in their current cybersecurity strategies, and 76 percent said cybersecurity has been effectively embedded into their financial institution’s corporate culture.
However, in practice, current cybersecurity protocols rarely live up to these perceptions. The typical financial services organization faces an average of 85 targeted data breach attempts annually. Roughly one-third of those attempts are successful.
Additionally, these figures do not encompass the wide array of small-scale threats — the most costly of which are distributed denial-of-service (DDoS) attacks. These operation-halting schemes carry an estimated cost of $227,665 per attack for banks and credit unions.
The fact of the matter is that simply throwing money at this problem won’t make these threats go away. Criminals are getting smarter and financial institutions must take a similarly strategic approach if they want to stay ahead of cybercrime.
A Full Circle Investment is the Right Approach
Financial institutions are investing in cybersecurity as well as their accountholders’ financial health. To maximize your cybersecurity return, it’s important to diversify your services.
EZShield’s tech-enabled platform extends into three areas that complement your products and can easily be expanded as needed.
This means going beyond the investment in infrastructure to investing in the knowledge and security of your accountholders.
Address the Gaps: 4 Key Cybersecurity Investments
The current state of cybercrime requires organizations to be dynamic and thorough in their cybersecurity initiatives. A smart investment in cybersecurity begins with knowing the greatest threats to your organization and accountholders.
1. Focus on the Basics
The banking industry excels in defending against high-tech attacks but falls short when it comes to more familiar schemes. While major malware attacks like WannaCry and Petya ravaged businesses worldwide, the financial services sector was well equipped. In fact, malware attacks were the least costly attacks among financial institutions. The costliest types of attacks were instead DDoS attacks, phishing and social engineering scams, and malicious insiders.
These attacks can be addressed through consumer-facing education and employee training. While the basic premise of such attacks remains the same, the slight variations are growing increasingly sophisticated. Some experts even suggest that criminals will begin leveraging artificial intelligence to further their schemes.
2. External Data Breach Response Plans
More than 178 million sensitive records were exposed in data breaches in 2017. These files contained personally identifiable information (PII) such as names, Social Security numbers, passwords and payment card numbers. They often allow criminals access to financial accounts — resulting in direct losses for financial institutions. It’s important to understand your organization’s role in defending against threats, even if they fall outside of your traditional realm.
Monitor for the latest breaches through information sharing and third-party providers who actively track breach events. EZShield constantly monitors the industry for these events and distributes detailed information on protecting sensitive data. Additionally, you should provide individual Internet monitoring services that scan for accountholders’ PII on known black market websites. Back these services with comprehensive identity protection, such as fully-managed restoration, to mitigate losses as soon as an external threat is detected. These services will also instill confidence in your accountholders and help strengthen accountholder loyalty.
3. Cyber Resilience Practices
Most cybersecurity spending is dedicated to prevention. But a comprehensive plan must include ways to isolate attacks and mitigate financial loss. It’s critical that banks and credit unions understand that even the best protection does not make them immune to data breaches. A plan must be in place to protect your brand and bottom line. This includes methods to isolate attacks while in progress, detect compromises faster and deploy restoration initiatives in the event of an attack.
While your internal IT team can lead this comprehensive approach, external vendors can be your best asset in developing resilient cybersecurity practices. When developing a plan, be sure to include overarching goals — including cybercrime cost-savings and the monetary figure associated with protecting your brand.
4. Comprehensive Security Training
Only 13 percent of financial institutions plan to invest in cybersecurity training for their employees. However, employees play the single greatest role in preventing and detecting threats. Regularly provide training and best practices to every team member.
This focus should also extend to your third-party vendors. Many high-profile hacks were facilitated through third-party access points. For example, the Home Depot and Target hacks used stolen third-party vendor credentials to access payment card information. Ensure vendors uphold high-security standards and regularly train employees to prevent and detect cyber threats.
Knowledge is Half the Battle
A crucial element of a strong cybersecurity initiative is knowing your enemy. Financial institutions are facing many threats, such as fraud and identity theft, malware and ransomware, and even money laundering. Today, it’s up to you to stay ahead of the curve by continuously exploring new alternatives that will help you reduce gaps in your security protocols.
EZShield can help you close the fraud and identity theft gap by providing comprehensive products and services to your accountholders. We specialize in tailored solutions for financial institutions and have assisted countless accountholders in securing their information, monitoring for data compromise and delivering exceptional resolution services.
I encourage you to explore how fraud and identity theft solutions can be incorporated into your organization’s security plans.
A great place to start is our upcoming webinar titled, The Rebirth of Identity Protection in Banking. This webinar will cover the latest threats facing consumers and how proactive identity protection can help overcome the growing pressures you face as a financial institution.
I hope to see you there!
Webinar: The Rebirth of Identity Protection in Banking
Tuesday, June 19 at 2 PM EST