Four financial risks for the future

Issue 3 2020 Editor's Choice

Over the past decade, the financial sector has invested millions of Rands in security systems and methods with varying levels of success against an ever-evolving field of threats. Vast data assets linked to public and private sector customers make businesses in this industry a top target for attackers. An ongoing trend of moving away from cash and towards customer mobility, diversity of offerings and open banking will continue to challenge security in this arena for the foreseeable future.

Secure identity verification

Financial services’ consumers can be located anywhere and expect both access to their accounts and the ability to transact, at any time. If you combine this with an increasing number of channels across device platforms, threat vectors become numerous. The identity of the customer effectively becomes the secure perimeter.

The solution to this identity/perimeter security challenge involves strengthening multi-factor authentication processes and introducing advanced, context-based security to monitor the service endpoint (e.g. financial applications such as online banking) with users’ activities across all devices.

Gregory Dellas.

Nation state attacks

Businesses in the financial sector are now aware that they are a target for nation states. Threats from state sponsored attackers are escalating with global issues such as ongoing tensions in Iran, trade wars with China and rogue states intent on asymmetric warfare. There is an effective cold cyberwar occurring where viruses and zero-day exploits are being stockpiled for use in a potential attack.

The financial industry will be a target as the economy cannot function without critical financial IT infrastructure in place. It’s difficult to predict when or where these attacks may occur, but that does not excuse lack of preparation. Governments are legislating for tougher security for financial industries such as the American NY Department of Financial Services Cybersecurity Regulation, which refers in the introduction to the “ever growing threat posed to information and financial systems by nation-states, terrorist organisations and independent criminal actors.”

Mobile threats

One notable mobile security trend involves the increasing number of malicious apps making their way onto official app stores, for example, two selfie taking apps loaded with malicious malware that were available on the Google Play store. They were downloaded 1.5 million times. The apps would gather data silently and evade removal by becoming invisible and running in the background without a shortcut being visible to the user.

The major mobile OS vendors (Apple and Google) are battling to thoroughly vet the

 million, and counting, apps available on their platforms. The vulnerable integrity of mobile as a platform will require the financial industry to inspect its customer and contractor devices more thoroughly, whether by using MDM, or network access control. This may lead to the emergence of a two-tier security model in the mobile space where anti-malware becomes mandatory for mobile devices to interface with financial services.

Insider threat defence

The main motives for insider threats are said to be the following, regardless of sector: grudge, espionage, sabotage, malice, ideology and, of course, one must never discount the main reason – greed. Financial services companies face perpetual insider threats and continue to look for innovative solutions to this problem. A strong privileged access management solution reduces the scope of permission for malicious insiders by controlling the usage of administrative credentials and implementing separation of duties within an organisation.

An established activity monitoring solution can provide the data with which to scrutinise endeavours across financial applications with context. Moreover, AI and machine learning continue to develop in this area and are essential tools for the detection of insider malpractice as and when it occurs.

For more information, contact CA Southern Africa, +27 11 417 8594, [email protected]


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Stadium security with Panomera
Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Entertainment and Hospitality (Industry)
To be able to better identify and track perpetrators and thus reduce financial and non-material damage in a soccer stadium, the operator opted for a video security solution from Dallmeier.

What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

From overwhelm to oversight
Editor's Choice Cyber Security Products
Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

SMART Surveillance Conference 2023
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Conferences & Events
Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive, over distributed sites, than ever before.

Has your business planned for the worst?
Editor's Choice Cyber Security Security Services & Risk Management
Incident response is a specialised part of security, like a hospital's intensive care unit: IR kicks in when the organisation detects a breach of its systems to stop criminals from doing more damage.

Making a difference with human intelligence gathering
Kleyn Change Management Editor's Choice
Eva Nolle believes that woman should stand their ground as they often bring an entirely different skill set to the table, which enhances the overall service delivered.

Milestone celebrates women in security
Milestone Systems Technews Publishing Editor's Choice News Conferences & Events
The Milestone Systems’ African team wanted to express their appreciation for the incredible contributions of the women in the security industry and held a breakfast in honour of the hard-working women in the industry on 8 August.

Supporting CCTV intelligence with small and big data
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring
The increasing development of AI and its role in enhancing investigation-led surveillance, and the increasing capacity of control rooms and local analysts to deliver data in return, can increase the synergy between intelligence and surveillance.

Overcoming resistance to changing your current operating model
Editor's Choice Integrated Solutions
Business survival goes beyond cutting costs and driving efficiency, it’s about using data and technology as strategic assets to develop speed, agility and resilience, keep up with customer demands, beat the competition and grow the business.

The road to Zero Trust not necessarily paved with gold
Editor's Choice Access Control & Identity Management Cyber Security
Paul Meyer says that while Zero Trust must be the goal, there are a few potholes to navigate on the journey. Here he expands on these caveats, but also exposes the greatest ally of Zero Trust.