Will the Next Financial Crisis Be One of Cyber Security?

Posted by Bethany Wood on Thu, Jan 23, 2020
There’s no skirting around the fact that cyber security is a major threat and cause for alarm today. In August 2019 alone, 114.6 million financial records were leaked in 95 breaches around the world[1]—and that’s just the ones we know of. Only 10-12% of cybercrimes in the U.S. are reported.[2] The biggest perpetrators range from organized independent groups to nations using cybercrime as a weapon; it’s not the stereotypical un-showered boys living in a basement (although there are a few of them, too). Cyber-attacks are considered a bigger threat than terrorism or natural disasters.[1] Data is extremely valuable, now worth more than oil, and there are lots of cyber criminals, also known as “black hats,” out there trying to steal it and figure out how to monetize it.

Banks are particularly at risk, as they carry such huge amounts of extremely sensitive data. Safeguarding that data is one of the most important responsibilities of financial institutions and is becoming increasingly challenging as the world grows more and more digital. Alissa Knight, Senior Analyst for the Aite Group, conducted a study of over 30 financial services around the world to see what areas were most vulnerable and what can be done to ensure maximum protection.

Encryption is currently the most heavily relied-upon security measure, but it’s not a great method if you’re trying to use the data. Knight says, “If it’s encrypted, you can’t really do much with it. Now we’re seeing data loss prevention solutions move away from that approach of encrypting to actually allowing you to just specify what parts of the data need to be ingested by certain parts of the organization.” This doesn’t help much with the effort to end silos, as “it’s like a new kind of silo, where all parts of the organization can’t access all of the data. We do not need more silos, and that’s part of the challenge: making sure that all of the data is useable to the person who needs it, but not more vulnerable than necessary.”[1]

Knight researched companies of varying sizes, expecting the data to show smaller companies with the most vulnerabilities and the larger companies the most secure. To her surprise, it was the opposite. All companies had vulnerabilities and problems, but the findings showed that “it wasn’t about small or big, it was about how they thought through the app-building process.”

29 out of 30 apps had hard-coded sensitive information, the most “devastating” revelation of the study, according to Knight. “Developers need to understand that those apps can be easily lifted off of the device, reverse engineered, and brought back to its original source code, so hard-coding any sort of sensitive information (private keys, API keys, and tokens and credentials) is a definite no-no,” says Knight. “Bigger banks had more issues with this because fintechs think about both tech vulnerabilities and they understand the true sensitivity of the information. They simply know what to ask. Fintech partnerships for these larger banks might be part of the solution.”

Security should not be thought of as an add-on. It needs to be an integral part of every process and thought through at every level. “If an organization is creating a mobile app or deploying apps, they need to be doing application penetration testing. There’s a lot of chaos and fast-moving parts, so cyber-security needs to be continuously checked and improved over time,” Knight cautions.

We don’t want to make data too safe to be of use, just annoying enough to hackers that it’s not worth it to them. As Knight says, “Just making it really difficult can deter most black hats. And the rest, you need to implement systems to catch them.” Financial institutions have always taken security very seriously; now the issue is learning how to guard both money and data in new ways that lend the “least amount of friction necessary for the consumer, which are always the focus, and the most amount of trouble for the hackers.”[1]



