News

10:41 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

Cybersecurity Not Just an IT Problem Anymore

A new report from Deloitte examines the evolving cyber security threat against banks.

Banks must develop and maintain a cyber-risk strategy to be developed and maintained at the executive level, and not just think of cyber security as "an IT problem," according to a new report titled "Transforming cybersecurity: New approaches for an evolving threat landscape" from Deloitte.

The need to approach cyber security as a strategic business problem is more imperative as the financial services industry becomes a more frequent target, according to the report. U.S. financial services companies lost on average $23.6 million from cybersecurity breaches in 2013, which represent the highest average loss across all industries, according to Deloitte. That number is 43.9 percent higher than in 2012, when the industry was ranked third, after the defense and utilities & energy industries.

Further, the report notes that the business and technology innovations that financial services companies are adopting in their quest for growth, innovation, and cost optimization are in turn presenting heightened levels of cyber risks. These innovations have likely introduced new vulnerabilities and complexities into the financial services technology ecosystem. For example, the continued adoption of Web, mobile, cloud, and social media technologies has likely increased opportunities for attackers

[The mobile employee -- as well as the mobile customer -- are here to stay. Is your bank prepared? Learn how to set up and maintain a mobile infrastructure that can support today's needs and tomorrow's expected mobile demands. Attend the From BYOD to 802.11ac: How to Build A Next-Generation Mobile Infrastructure session at Interop 2014 in Las Vegas, March 31-April 4.
You can also REGISTER FOR INTEROP HERE.]

While the CISO or IT risk officer still has a very significant role to play, for sustainable success firms may consider appointing a chief operating officer (COO) or chief administrative officer (CAO) equivalent to lead a cross-functional team to drive the cyber risk agenda. Vikram Bhat, who leads Deloitte's financial services team, says that while senior leaders are involved in this process at most banks, it's still "predominately driven through IT organizations." Further, he says business leaders can and should be held accountable for their responsibilities related to data protection.

Bhat also notes that banks need to place a priority on using automation and data analytics in order to monitor and detect anomalies that could point to cyberattacks. The report notes that financial services firms should consider revisiting their IT security investments and prioritizing investments to create the required automation and analytics in their environment.

Further, Bhat notes that with the increasing use of innovative technology, like mobile and cloud, by banks to offer new products or pursue efficiencies, these also provide new avenues for cuber criminals to attack. He says the cyber security angle "needs to be fully incorporated into the decision-making process throughout the whole lifecycle, and sometimes you might make a different decision if you really incorporate it."

[See Also: Let's Be Friends: Banking & Merchant Trade Groups Launch Cybersecurity Partnership]

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
3/13/2014 | 5:54:56 PM
re: Cybersecurity Not Just an IT Problem Anymore
Or they didn't want it to be. Target's CIO took the fall for their data breach, but clearly it wasn't just his responsibility. Customers will realize that going forward, I think, especially as departments outside IT add more tech to their processes.
KBurger
50%
50%
KBurger,
User Rank: Author
3/11/2014 | 6:59:23 PM
re: Cybersecurity Not Just an IT Problem Anymore
The crooks always will go "where the money is" -- that's mostly likely why Mt. Gox (bitcoin exchange) got hacked/robbed, not out of any political/social statement. Similarly, that's why smaller banks and insurers are potentially vulnerable, as the big banks (prime targets) continue to improve their defenses, criminals will go to the next batch of (relatively) low-hanging fruit. As more and more banking business is transacted via mobile it is an inevitable target. Not because mobile is or isn't inherently vulnerable, but because that's where banking/financial activity occurs.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
3/11/2014 | 3:39:20 PM
re: Cybersecurity Not Just an IT Problem Anymore
There will be a big mobile breach eventually, i'm sure. As more and more users use mobile, it will become an irresistible target for hackers.
KBurger
50%
50%
KBurger,
User Rank: Author
3/10/2014 | 5:43:02 PM
re: Cybersecurity Not Just an IT Problem Anymore
I don't want to create a jinx, but it really is kind of incredible that there hasn't been a high-profile breach of some sort(yet) around mobile banking (at least not that I'm aware of) -- although we know that security concerns/actions have been there from the start of offering mobile banking solutions, so that probably has helped. That said, there have been other kinds of broader security-related issues that have arisen around the pervasiveness of mobile (in, but not limited to, banking) -- privacy, sharing customer information, surveillance, BYOD, etc.
Byurcan
50%
50%
Byurcan,
User Rank: Author
3/10/2014 | 4:24:11 PM
re: Cybersecurity Not Just an IT Problem Anymore
That sound very likely! Thanks for the feedback and for reading
JGarner721
50%
50%
JGarner721,
User Rank: Apprentice
3/10/2014 | 4:11:13 PM
re: Cybersecurity Not Just an IT Problem Anymore
It has always been a business issue. Manage just did not realize that was the case!!
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
New IT Models for New Financial Services Challenges