Tackling cybercrime: why the industry must unite
Cyberattacks have been dominating newspaper headlines for some time now. Whether it’s losing access to PayPal, a distributed denial of service (DDoS) attack on Lloyds Group, or Tesco Bank customers losing £2.5 million to hackers, the threat of a cyberattack in 2017 is so great that it’s not a case of if, but when one occurs.
The complex security breaches recently suffered by some of the world’s best known and most visited institutions are a prime example of this. The ever-evolving nature of cyber and information warfare makes it extremely difficult for businesses to stay ahead of the cyber aggressors – making cyberattacks a very real threat to a business’s health. Unfortunately, this reflects the digital world we live in. Every single day businesses face more strategic, astute and destructive methods of cybercrime.
The financial services industry is a more attractive target than most. Alongside the potential to leak confidential emails or sensitive data, the potential to access large sums of money makes the industry a particularly enticing mark. A recent report by the UK regulator Financial Conduct Authority (FCA) claims that cyberattacks on financial services groups have soared in the last few years, with 75 security breaches reported to the City Watchdog by September 2016 alone. So how can the financial services industry protect itself and its systems, its customers and its employees, its communications and its information, from determined cyber aggressors?
Collaboration is key
A problem shared is a problem halved, as the old saying goes. Working together within the financial services industry – and across other industries – is essential for the creation of truly innovative solutions to effectively protect against cyberattacks.
Events such as the FT Cyber Security Summit and networks like RUSI’s Centre for Financial Crime and Security Studies (namely the FinTech and FinCrime Exchange) bring together experts and thought leaders from across industries to share ideas and conduct research for the development of effective cyber security solutions. Participation in group initiatives such as these provides opportunities to learn and contribute towards a unified goal, growing knowledge and developing best practices that individuals can adopt and develop. If we are to make the industry a safe place to do business, it will be done by a collective and orchestrated effort that involves employees, customers, businesses (of all sizes) and the government.
Investing in tech
Technological breakthroughs within cyber security have also made waves in the industry. In fact, technology has undeniably reshaped the financial landscape in recent years, with fintech providers offering efficient, easy-to-use customer experiences.
However, so too have the technological capabilities of cyber criminals. As the number and severity of attacks rise, the demand for a larger cyber security workforce is surpassing the supply of qualified individuals. Consequently, cyber security companies are increasingly looking to artificial intelligence (AI) technology to improve defence systems and create the next generation of cyber protection. AI-driven software that uses machine learning and other technologies to differentiate between benign or harmful activity is becoming more and more robust and will inevitably be an area of rapid growth in 2017.
Such technology will undeniably give early adopters the competitive edge in a market where demonstrable cyber protection is already a competitive tool. Businesses who want to work with others are required to constantly demonstrate to clients or prospective customers their credentials in the preservation of privacy, information and data. For this reason, it’s important that financial services businesses keep their finger on the pulse with the arrival of new tech, because the lack of it could cost them new and existing business.
External auditing
Compliance with legislation and external audits are another strand of understanding and prevention that can decrease a business’s chances of being stung.
Being compliant and adhering to standards like the ISO 27001 is a great achievement but cybersecurity can’t stop there. Financial services companies must take preventative measures and consistently screen, test and audit their businesses and suppliers to ensure they are aware of any potential weaknesses that could welcome cybersecurity issues.
In the fast-moving digital world where technology’s role is only increasing, cyber threats are only going to become more prevalent. As a result, the financial services industry must switch its thinking from the industrial age to the information age. The collaborative efforts of great business minds from across the industry will undoubtedly find solutions to these problems a lot faster than anyone could do in isolation. Doing so will allow each to better understand what they need to predict; identify what they need to protect; and implement the preventative measures needed to stop future attacks. Businesses equipped with this knowledge will support the £1.9billion investment in cybersecurity made by the government and make the UK a resilient business hub that is resolute in defending against this intangible 21st century crime.
By Alphus Hinds, head of cybersecurity and risk, Tungsten Network