The new year is here, and now is the time for organizations to take a deeper look at their internal processes and seek out strategies for improvement. One area that's always a priority is cybersecurity, particularly within the financial service sector.
2018 brings numerous changes to data and asset protection, but there are three trends that financial service providers should pay special attention to, including:
1) Consumer data privacy is paramount
Maintaining security and privacy surrounding client data has always been a leading concern for banks and other financial institutions, but in 2018, this pursuit will become absolutely essential. One of the leading reasons behind this push is the enforcement date for the General Data Protection Regulation within the European Union.
This standard will go into effect on May 25, and it impacts organizations both inside and outside of the EU. If organizations do any business with EU citizens, they are beholden to these new privacy rules. This means that it's imperative that consumer data is adequately protected, and that companies can pinpoint the purpose behind their use of data.
In addition to the emerging GDPR, financial service providers in the majority of U.S. states must now align their practices with new legislation aimed at consumer security.
"Failures in cybersecurity have prompted data privacy legislation in more than 40 U.S. states," noted PwC. “In 2017, New York State regulators passed new rules requiring institutions to create detailed programs to protect consumer data and ensure employees are trained to identify threats."
This trend toward staunch consumer data protection will continue through 2018, and financial service organizations must be sure they have robust security in place to safeguard this sensitive information.
2) Moving from prevention to real-time detection
Traditionally, many cybersecurity programs revolved around strategies for prevention, where organizations would seek to stop threats before they impacted the business. While this approach is understandable, it has become evident to many financial service firms that it was simply not sustainable.
According to recent research from cybersecurity firm Thales, 42 percent of all U.S. financial service businesses have experienced a breach in the past, and almost 90 percent of financial IT professionals surveyed in 2017 noted that their institution was "vulnerable to data threats."
In order to better quell ever-increasing vulnerabilities and attack strategies, many firms are moving toward a protection strategy that centers around real-time detection as opposed to prevention. Earl Perkins, Gartner's vice president of research, argued that while prevention will still be a valid part of the overall protection strategy, more efforts need to be put toward detection of threats in real-time and the ability to respond to these exploits as quickly as possible. Financial services firms need look no further than the recent Meltdown and Spectre exploitations for further motivation to shore up such vulnerabilities.
"A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so," Perkins said in an interview with Gartner contributor Kasey Panetta. "This means adapting your security setup to focus on detection, response, and remediation."
3) Understand the weak links: IoT and third parties
Finally, organizational stakeholders and IT teams should be especially aware of the elements that can represent weak links in their security posture, including:
- IoT devices: As CSO pointed out, unsecured, network-connected devices can also enable botnet attacks, making security for these appliances a top priority in 2018.
- Third-party partners: It's also imperative to ensure that any third-party service providers the company works with have proper security in place as well.
Partnering with an experienced solution provider further helps alleviate these sort of ever-present risks.
Of course, these three trends are just the beginning. We recommend taking a look at the six biggest mistakes financial services technology leaders can avoid.