The sophisticated cyber attacks that banks experienced in 2013 will continue into 2014, Booz Allen Hamilton, a management consulting firm, said in its cyber security predictions for 2014.
Board members and executives have seen the threat landscape evolve with the high profile DDoS attacks this past year, turning cyber security into a bigger concern for all banks, the company said in a statement outlining the predictions, which was released this week.
“Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber security program that responds to an institution’s critical business risks,” Bill Stewart, Booz Allen’s senior vice president and head of commercial finance, explained in the statement.
Here are the consultancy’s top trends to watch in cyber security in 2014:
1. Making threat intelligence useful - Big banks have a great deal of data, but sifting through it all to find actionable intelligence and making use of it will be a big challenge next year. Threat intelligence will need to be joined with incident response, fraud and other areas.
2. Mobile threats - Emerging mobile malware threats that take advantage of vulnerabilities in mobile device platforms. One such threat, the Perkele Trojan crimeware kit seen in the Middle East, will likely spread elsewhere this holiday shopping season, Booz Allen predicted.
3. Emerging countries will experience more cyber attacks on banks - The growing wealth of emerging markets will make fraudsters take notice of the new and lucrative opportunities for them there. Countries in Latin America, the Middle East and Asia that are quickly modernizing their technology infrastructures will become more enticing targets for cyber criminals.
4. Attacks will spread to smaller institutions - Mid-tier and regional banks, wealth management firms and hedge funds don’t have the sophisticated cyber security systems and large teams of experts that bigger institutions have. Attackers will begin to shift their efforts to these easier targets over the next year.
5. New strategies for dealing with insider threats - Banks will start to develop new strategies that involve different teams across the organization to improve awareness of cyber security threats and how employees need to respond to them to help deal with social engineering attacks and other such threats.
6. Dealing with challenges created by the NIST framework - The NIST cyber security framework will make private sector businesses liable data destroyed or stolen in breaches. This will open the window for a growing insurance industry in the area of cyber attacks to help banks manage that liability, according to Booz Allen.
7. New needs around data security - More data will be moving to the cloud in the next year, which will require new security controls over the sharing of data. This will provide an opportunity for banks to improve their security architecture and integrate new controls. This will further the use of analytics in cyber security to deal with the volumes of data.