IT Security Concerns Loom Large for Financial Sector in 2017


Posted on by Nathan Eddy

Today’s financial sector chief information officer (CIO) is in the midst of a radical technological evolution, driven by global digitalization, adoption of mobile and cloud technologies by consumers, and the need for faster implementation of information technology.

In addition, IT leadership is tasked with achieving higher revenue through technology, while continuing to adequately address security and government regulation initiatives.

According to a Peak 10 survey of 152 IT decision makers from financial organizations, the quickest path to growth for the banking industry is digitalization—but maintaining security, both internally and for consumers—is a major challenge. 

Complicating the IT security issue is the survey’s finding that mobile apps and customer portals--for banking in particular--dominate the financial industry. 

According to study respondents, the top security challenges and concerns among the financial sector were internal threats, such as email security, ransomware/malware/viruses, data breach protection and compliance, distributed denial of service (DDoS) and cyber terrorism. 

"Our study showed that CIOs are finding it hard to keep up with all the threats, especially because they change so rapidly," Christina Kyriazi, product marketing and analytics manager for Peak 10, said. "Also many of them are not 100 percent confident in their IT security programs." 

She noted 52 percent rated their company’s IT security program with a B, and another 22 percent with a C or worse. 

The survey also found three-fourths of respondents currently have customer portals, and on the mobile app side, almost 75 percent of banks offer a mobile app, while half of insurance companies do. 

"There are few consumers today who don’t utilize a mobile app for nearly all of their personal banking needs," Kyriazi explained. "The mass adoption is one of many responses to the wave of digitalization, implemented for the benefit and convenience of the end user, but it creates a lot of complexity on the back end for banks and insurance companies." 

Kyriazi also noted the tech talent shortage in financial services coupled with compliance requirements make for challenging times, and at times it can seem like somewhat of a Catch-22. 

"There are some really exciting initiatives taking place in the financial services industry that are truly transforming the customer experience—but IT adoption in financial services tends to move relatively slowly," she said. "All projects have to be done in compliance with regulations, and all changes have to undergo approval from a long list of decision makers." 

A similar report from IDology indicated a top concern for financial institutions in 2017--as it has been in years past--is staying ahead of the shifting fraud tactics used by criminals. 

The company’s latest fraud report shows that concern has jumped from 60 percent three years ago to 71 percent last year. 

To fight this, many organizations are utilizing a layered approach to fraud prevention by adding multiple verification techniques that multiply the effectiveness of fraud prevention. 

However, as this approach has become more popular, a growing concern is verifying identity without creating excessive customer friction. 

"Being able to create a positive experience for legitimate customers should be as important as keeping out the bad guys," Chris Luttrell, senior vice president of product management for IDology, said. 

He explained consumers should operate under the assumption that most of their personally identifiable information is probably available on the dark web somewhere and it’s probably a matter of time before someone uses it for nefarious purposes. 

Luttrell noted the rise of mobile banking has also created a whole other area of concern when verifying identity and preventing attacks. 

"Financial institutions have to view an identity not just as a person but as a combination of the person and their device – a mobile identity," he said. "Fraudsters know, just like we do, that mobile usage is only going to increase and become a more critical part of people’s lives. We have seen mobile-specific fraud tactics already start to occur and we don’t foresee the likelihood of them declining in number and frequency." 

Luttrell said for their part, when dealing with financial institutions, or any transaction online for that matter, consumers should do the basics, such as having updated security software, changing passwords frequently, not using unknown WiFi networks and avoiding phishing emails. 

"The last one about phishing emails is important – do not click on links from email addresses you don’t know, check the domain of the sender, and if in doubt, call the bank to confirm before proceeding," he said.

While the financial industry is learning to embrace mass digitalization and all of the projects it comes with, not all tech candidates want to contend with a comparatively slow adoption process, or jump through hoops to work with new technology. With an eye towards emerging and continuing threats in 2017, IT specialists at financial institutions will need to balance the security and compliance needs of their organizations with the ease-of-use demanded by their clients. 

Contributors
Nathan Eddy

Technology Writer,

mobile security

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs