Building cyber resilience for finance and banking

The finance sector, by definition, has a lot to lose. Everyone knows that – and so the industry has, for a long time, been recognised as among the most resilient and efficient when it comes to cybersecurity protections. 

But a spate of recent attacks have highlighted that cyber criminals are becoming more sophisticated at a faster pace than finance cybersecurity; and the industry needs to keep up. 

As reported by the Financial Times, the New York faction of ICBC, China’s largest bank, was targeted in a ransomware attack in November 2023 – disrupting the US Treasury’s $25tn bond market and prompting ICBC to propose sending a runner across the city with a USB stick to calm the waves. And Ion Markets, a technology group based in Dublin that provides some of the financial technology that enables the trading industry, was also hit by a ransomware attack – which forced some customers to resort to paper ledgers in order to continue trading. 

Cyberattacks are now deemed the biggest threat to the global finance industry by countless experts and surveys. And last year, Lloyd’s of London cautioned that a major attack on a global payments system could cost the world’s economy $3.5 trillion over a five year period. 

Startups are supporting increased resilience

A growing number of cybersecurity startups are offering innovative solutions to support resilience in financial markets.

They offer new, ahead-of-the-curve security operations, such as:

• Data encryption and threat monitoring using emerging technologies, including AI, ML and data analytics.
• Remote communication security, to protect against cyber threats in the face of an increased need for remote customer services and onboarding processes.
• Directly tackling financial crime through anti-money laundering operations, financial fraud detection, and identity verification. 

And financial institutions are honing in on research and collaboration

A cyber breach in the finance industry has serious implications, coupling monetary and data losses with damage to customer trust that can impede a finance organisation for years to come. So institutions and organisations in the sector are doubling down on security research to identify specific vulnerabilities and solutions; and cybersecurity experts are urging for an increased focus on collaboration between those organisations and the security firms that support them. 

Noting that organisations in the sector hold 20% more data than companies in other industries, Steve Stone (Head of Rubrik Zero Labs) told the Financial Times that “more data means a large surface area to target and more potential blind spots…It is typically at the fringes where visibility is at its lowest and where gaps in security lie.”

So vulnerability detection and security at those fringes is crucial – and communication between different organisations can help identify those blind spots. Eventually, regulatory agreements across nations, along with enhanced information-sharing, could enable a more robust and resilient financial sector that can adapt and improve its security fast enough to keep up with (or outpace) threat groups.

At Black Hat MEA 2024, find out how other organisations are solving the problems you’re facing.