Four financial risks for the future

Issue 3 2020 Editor's Choice

Over the past decade, the financial sector has invested millions of Rands in security systems and methods with varying levels of success against an ever-evolving field of threats. Vast data assets linked to public and private sector customers make businesses in this industry a top target for attackers. An ongoing trend of moving away from cash and towards customer mobility, diversity of offerings and open banking will continue to challenge security in this arena for the foreseeable future.

Secure identity verification

Financial services’ consumers can be located anywhere and expect both access to their accounts and the ability to transact, at any time. If you combine this with an increasing number of channels across device platforms, threat vectors become numerous. The identity of the customer effectively becomes the secure perimeter.

The solution to this identity/perimeter security challenge involves strengthening multi-factor authentication processes and introducing advanced, context-based security to monitor the service endpoint (e.g. financial applications such as online banking) with users’ activities across all devices.

Gregory Dellas.

Nation state attacks

Businesses in the financial sector are now aware that they are a target for nation states. Threats from state sponsored attackers are escalating with global issues such as ongoing tensions in Iran, trade wars with China and rogue states intent on asymmetric warfare. There is an effective cold cyberwar occurring where viruses and zero-day exploits are being stockpiled for use in a potential attack.

The financial industry will be a target as the economy cannot function without critical financial IT infrastructure in place. It’s difficult to predict when or where these attacks may occur, but that does not excuse lack of preparation. Governments are legislating for tougher security for financial industries such as the American NY Department of Financial Services Cybersecurity Regulation, which refers in the introduction to the “ever growing threat posed to information and financial systems by nation-states, terrorist organisations and independent criminal actors.”

Mobile threats

One notable mobile security trend involves the increasing number of malicious apps making their way onto official app stores, for example, two selfie taking apps loaded with malicious malware that were available on the Google Play store. They were downloaded 1.5 million times. The apps would gather data silently and evade removal by becoming invisible and running in the background without a shortcut being visible to the user.

The major mobile OS vendors (Apple and Google) are battling to thoroughly vet the

 million, and counting, apps available on their platforms. The vulnerable integrity of mobile as a platform will require the financial industry to inspect its customer and contractor devices more thoroughly, whether by using MDM, or network access control. This may lead to the emergence of a two-tier security model in the mobile space where anti-malware becomes mandatory for mobile devices to interface with financial services.

Insider threat defence

The main motives for insider threats are said to be the following, regardless of sector: grudge, espionage, sabotage, malice, ideology and, of course, one must never discount the main reason – greed. Financial services companies face perpetual insider threats and continue to look for innovative solutions to this problem. A strong privileged access management solution reduces the scope of permission for malicious insiders by controlling the usage of administrative credentials and implementing separation of duties within an organisation.

An established activity monitoring solution can provide the data with which to scrutinise endeavours across financial applications with context. Moreover, AI and machine learning continue to develop in this area and are essential tools for the detection of insider malpractice as and when it occurs.

For more information, contact CA Southern Africa, +27 11 417 8594,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Using fingerprint recognition under COVID-19
Issue 4 2020, Suprema , Editor's Choice
COVID-19 is raising questions about how safe fingerprint authentication really is, as touching sensors can potentially spread viruses.

From the editor's desk: The worst of times
Issue 4 2020, Technews Publishing , Editor's Choice
While the world is going through a tough time at the moment with the pandemic and seemingly endless economic problems, Hi-Tech Security Solutions and Technews Publishing has had an additional burden of ...

Leaders in risk & security: Assessing threat, risk and vulnerability
Issue 4 2020, Sentinel Risk Management, Technews Publishing , Editor's Choice
After serving a 27-year ‘life sentence’ in the military, Andy Lawler has spent over ten years in the private security industry as a risk specialist.

IDEMIA launches VisionPass facial recognition
Issue 4 2020, IDEMIA , Editor's Choice
IDEMIA has launched its VisionPass facial recognition solution in Africa, offering secure and contactless access control to companies of all sizes and in all markets.

BioCote antimicrobial technology
Issue 4 2020, Salto Systems Africa , Editor's Choice
BioCote helps to reduce the spread of microbes around a building as microbes are not transferred from door to door and surface to surface.

Customised personal security app for your workforce
Issue 4 2020, Technews Publishing , Editor's Choice
Zecure takes the idea of app-based security to the business world, providing employees with a suite of applications on hand to cater to their personal security needs.

Fulcrum Biometrics expands into Africa
Issue 4 2020, Fulcrum Biometrics , Editor's Choice
Fulcrum Biometrics Southern Africa, a subsidiary of Fulcrum Biometrics in Texas, USA, has been launched in Johannesburg with a number of industry stalwarts at the helm.

Paying the ransom doubles cost of recovery
Issue 4 2020 , Editor's Choice
Paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery.

Coping with COVID-19
Issue 4 2020, Sentinel Risk Management, Xone Integrated Security, ISF SFP, Technews Publishing , Editor's Choice
Hi-Tech Security Solutions spoke to four security service providers about their new business reality and how they are coping with the stringent regulations.

Milestone forges ahead globally and in Africa
Issue 4 2020, Milestone Systems, Technews Publishing , Editor's Choice
Hi-Tech Security Solutions was given the opportunity to speak to Milestone’s Kenneth H. Petersen and Anders Johansson about the company’s annual performance and its regional plans.