How to Prevent 4 Network Security Threats that Cost Financial Services Millions
The Capital One breach exposed over 100 million customers’ sensitive information.
In 2017, 147.9 million consumers were affected by the Equifax breach.
Over the past few years, data breaches have affected over 1 trillion user accounts, and the financial impact of these breaches is huge.
Unfortunately, out of every industry, financial services pays the highest cost from cybercrime at an average of $18.3M per company surveyed. These events remind both consumers and business owners of the tenuous nature of cyber security.
With that in mind, here are some threats that financial services companies need to watch for when protecting themselves and their customers:
People over 65 control 80% of the wealth and this population tends to be vulnerable. As the elder population grows, so does their power as a voting bloc. Therefore, it’s important that financial institutions are proactive about putting rules and processes in place BEFORE older people vote for elected officials who will force financial service companies to create regulations that will probably not be beneficial to the industry.
Right now, at least legally, there is no way for someone to stop a wire transaction that doesn’t involve their own funds. As of today, it’s perfectly legal to lose all your money to a scam. For example, there are people who call pretending to be Microsoft support personnel, take remote control of your computer, and wire money out of your account to an offshore account.
There’s very interesting current research about ways to prevent this type of scam. One suggested solution is a type of service which would allow the funds of someone who has significant wealth and is over a certain age to automatically go into escrow for, say, 24–72 hours. This would flag a security expert (or a fraud expert) to take a quick look at that transaction before it is finalized. That type of product would be extraordinarily useful and would stop a great deal of the information security fraud that happens with large transactions against the elderly (along with everyone else).
Many industrialized countries use PINs during credit card transactions or a digital certificate on a trusted device. In the United States, we are hesitant to use this type of transaction and instead use signatures. A signature means virtually nothing and is a very faulty way of verifying authorization or identity, yet we’ve always done it that way in the US and are reluctant to change. As an industry, financial services needs to persuade US customers to use either a trusted device or a PIN.
3. Procrastinating instead of being proactive.
Financial services is cautious by nature, but that can backfire when the industry waits to adopt standards and looks simply to check off the boxes for minimum standards. For example, new PCI (Payment Card Industry) standards are about to be released, yet banks typically will drag their feet. Remember, there’s a good reason these standards have been implemented. It’s also important to remember that your company doesn’t have to adopt everything in the new standards; you should look at what applies to your business and your risk and then adopt measures very quickly.
4. Avoiding crowdsourced vulnerability testing.
Crowdsourced vulnerability testing is a powerful tool, and while it has to be managed, what you get out of it far outweighs any cost. This type of testing works by vetting a community of security experts, sometimes referred to as ethical hackers or white hats, and asking them to look for faults in a particular product or application.
If the ethical hacker can find a flaw, you will provide them with some sort of compensation. If they don’t find a flaw, their time is considered volunteer time and they don’t get anything out of it. There are people who make a living doing this independently. This is ideal for an organization because these people are finding bugs before the evil hackers do and before your internal security does (which doesn’t always happen as quickly as you’d want it to). Also, you don’t have to pay anyone anything unless there are, in fact, flaws in the product or application. If you don’t want to manage it yourself, you can always get a trusted advisor to help you with the program.
While all industries face breaches, financial services has special challenges, including that their most vulnerable customers face potential financial ruin. The takeaway? Taking steps to protect your customers also protects your business. Proactiveness pays off with fewer losses and happier (and more secure) customers.