The financial services industry was a primary target for cybercriminals in 2016, and due to the value of its data, it will remain in the crosshairs as we embark on 2017. As a result, financial services CIOs will be faced with security decisions and challenges that will likely keep them up at night.
While this isn’t an exhaustive list of challenges CIOs will face in the coming year, we’ve outlined several challenges we believe nearly all financial services organizations will have to face in 2017. Let’s take a closer look.
1. Blending Legacy Systems with New Technology
It could be argued that the financial services industry has changed more in the last 25 years than it has in all the previous years since its inception. The emergence of the “bring your own device” (BYOD) movement and the expansion of the IoT has made 24/7 access possible. Today’s customers and employees expect 24/7 access to systems and providers.
However, with great opportunity come even greater challenges for IT teams.
Integrating new technologies into existing systems and IT infrastructure will remain an area of concern throughout the coming year. The digitization of the industry and the business landscape as a whole has forced financial institutions to embrace the cloud (public, private, and hybrid) and connect on-premises systems to it, further complicating the environment that needs to be protected.
2. Reducing Threats Posed by Employees
In just the last few years alone, we’ve seen many instances where employees have been at the center of damaging cyberattacks on financial organizations. Cybercriminals are becoming smarter and developing new ways to attack corporations, including via their employees. Additionally, growing numbers of remote employees are accessing devices that may not even have organizational security safeguards in place. This new networking paradigm has made it critical for organizations to ensure their workforce is cyber-aware.
As we move into and through 2017, organizations need to put processes and security solutions in place that can reduce the number of attacks that originate from their own workforce, and minimize the impact of a successful attack.
3. Dealing with a Growing Number of Attacks
Verizon’s 2016 Data Breach Investigations Report has revealed that 89% of breaches had a financial or espionage motive. As we embark into 2017, statistics like these have forced most financial services security teams to shift their thinking from “what if we get attacked?” to “what will we do when we get attacked?”
The data also shows that 98% of financial systems were compromised within mere minutes of incidents occurring, yet 15% of incidents remained undiscovered by security teams for months (or more). This suggests that attackers have plenty of time to sift through and steal financial data in many cases. CIOs and their security teams must find ways in 2017 to disable inevitable threats, and discover and respond to attacks in a timely manner to protect their data and protect their customers.
4. Remaining in Compliance
Standards and mandates for financial services firms are always evolving, and as we head into the new year organizations can expect to be held to even higher standards than they currently face.
Some states, like New York, have already begun upping the ante when it comes to cybersecurity regulations. Governor Andrew M. Cuomo recently announced regulations that will requires banks, insurance companies, and other financial services institutions to maintain comprehensive cybersecurity programs.
Failure to adhere to these regulations could result in significant financial and reputational repercussions. As a result, CIOs in 2017 will need to look for cybersecurity solutions and process that will assist them in remaining compliant.
5. Breaking Down Security Silos
Many CIOs rely on a blend of security vendors to protect their organization, as there isn’t a single solution on today’s market that can meet every need. As these multi-vendor models continue to evolve and expand, CIOs will need to consider investing in solutions that tie it all together via common operating systems and open APIs. Such a unified framework approach make it possible to integrate one-off solutions while still providing cybersecurity professionals with a holistic view of the threat landscape from a single location.
Let’s get a conversation going on Twitter! What challenges do you expect financial services CIOs to be faced with throughout 2017?
A version of this blog originally appeared in Global Banking and Finance Review.