Four financial risks for the future

Issue 3 2020 Editor's Choice

Over the past decade, the financial sector has invested millions of Rands in security systems and methods with varying levels of success against an ever-evolving field of threats. Vast data assets linked to public and private sector customers make businesses in this industry a top target for attackers. An ongoing trend of moving away from cash and towards customer mobility, diversity of offerings and open banking will continue to challenge security in this arena for the foreseeable future.

Secure identity verification

Financial services’ consumers can be located anywhere and expect both access to their accounts and the ability to transact, at any time. If you combine this with an increasing number of channels across device platforms, threat vectors become numerous. The identity of the customer effectively becomes the secure perimeter.

The solution to this identity/perimeter security challenge involves strengthening multi-factor authentication processes and introducing advanced, context-based security to monitor the service endpoint (e.g. financial applications such as online banking) with users’ activities across all devices.


Gregory Dellas.

Nation state attacks

Businesses in the financial sector are now aware that they are a target for nation states. Threats from state sponsored attackers are escalating with global issues such as ongoing tensions in Iran, trade wars with China and rogue states intent on asymmetric warfare. There is an effective cold cyberwar occurring where viruses and zero-day exploits are being stockpiled for use in a potential attack.

The financial industry will be a target as the economy cannot function without critical financial IT infrastructure in place. It’s difficult to predict when or where these attacks may occur, but that does not excuse lack of preparation. Governments are legislating for tougher security for financial industries such as the American NY Department of Financial Services Cybersecurity Regulation, which refers in the introduction to the “ever growing threat posed to information and financial systems by nation-states, terrorist organisations and independent criminal actors.”

Mobile threats

One notable mobile security trend involves the increasing number of malicious apps making their way onto official app stores, for example, two selfie taking apps loaded with malicious malware that were available on the Google Play store. They were downloaded 1.5 million times. The apps would gather data silently and evade removal by becoming invisible and running in the background without a shortcut being visible to the user.

The major mobile OS vendors (Apple and Google) are battling to thoroughly vet the

 million, and counting, apps available on their platforms. The vulnerable integrity of mobile as a platform will require the financial industry to inspect its customer and contractor devices more thoroughly, whether by using MDM, or network access control. This may lead to the emergence of a two-tier security model in the mobile space where anti-malware becomes mandatory for mobile devices to interface with financial services.

Insider threat defence

The main motives for insider threats are said to be the following, regardless of sector: grudge, espionage, sabotage, malice, ideology and, of course, one must never discount the main reason – greed. Financial services companies face perpetual insider threats and continue to look for innovative solutions to this problem. A strong privileged access management solution reduces the scope of permission for malicious insiders by controlling the usage of administrative credentials and implementing separation of duties within an organisation.

An established activity monitoring solution can provide the data with which to scrutinise endeavours across financial applications with context. Moreover, AI and machine learning continue to develop in this area and are essential tools for the detection of insider malpractice as and when it occurs.

For more information, contact CA Southern Africa, +27 11 417 8594, [email protected]




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
World-first safe K9 training for drug detection
Technews Publishing SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
The need for integrated control room displays
Leaderware Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...
Cyber top business risk as climate change hits record high
Editor's Choice
Globally, companies identify cyberattacks, particularly data breaches, as their primary business concern for the coming year, with business interruption ranked second. In Africa and the Middle East, cyber incidents, shifts in legislation and regulation, and macroeconomic developments are the three foremost business risks.

Read more...
As technology converges, so does cybercrime
Editor's Choice
Cybercrime is no longer siloed: it involves complex collaborations and coordination between different malicious entities, including state actors, organised crime and even drug and human trafficking networks.

Read more...