Financial institution security practices and policies have substantially evolved since popular media depicted robbers in the Wild West as masked men running down a dirt road with a sack full of cash.
The glorified bank robbery scenario has underpinned the traditional image of bank security: armed guards, panic buttons, armoured vaults and vans — all of which are necessary to protect consumers’ physical money, but do nothing to thwart cybercriminals from attacking.
In June of 2019, Boston Consulting Group’s “Global Wealth” report found that financial services firms were 300 times more likely the target of cyberattacks than other companies. This trend seems to be continuing, as an April 2021 article from Alloy found that high-risk new account applications were up 137% from March to December of 2020, as compared to the same time period during 2019. The Covid-19 crisis escalated workers’ transition to unsecured networks at home, forced consumers to move to digital channels and increased institutions’ risk appetite, among other factors.
Cyberthreats like data breaches, malware, ransomware, keyloggers, synthetic fraud, identity theft and trojans — to name a few — are continuously evolving over time. Attacks can happen at opportune moments, like when hackers find weaknesses in networks and firewalls to execute a data breach, or can sit unnoticed in bank systems, harvesting and tracking data over time.
Historically, banks have sought to mitigate the effects of cybercrime, like advising customers with compromised data to close their accounts and open new ones, or reset their passwords.
While these instructions were adequate in the early 2000s, they will not work in 2021 and beyond. Much further than repairing the damages a cyber incident causes, customers expect the incident not to occur in the first place.
Banks need to adopt proactive, real-time cybersecurity initiatives if they wish to retain customers, stay ahead of the cyberattack curve and protect their data. It is not enough to perform an annual vulnerability scan. It is not enough to have two-factor identification. It is not enough to encrypt data. Cybersecurity practices must become an integral and consistent part of a bank’s overall strategy and culture if it wishes to keep customer trust and industry credibility.
But banks don’t have to venture into this endeavor alone. In fact, many don’t want to: Cornerstone Advisors’ 2021 “What’s Going On in Banking” report found that 70% of responding banks were interested in a fintech partnership that provided fraud and risk management services or products. An additional 20% were already engaged in one. When it came to data breach and identity protection services, 67% of banks were interested and 7% were already engaged.
Many financial technology companies are dedicated to working with banks to better secure data and assets. Their products span an incredible range, from completely managing and monitoring a bank’s network to software installation that verifies account data in real time. Just as cyberthreats evolve over time, cybersecurity measures are advancing beside it.
Three fintechs that have proven to work with banks in protecting their institutions from cyberattacks are:
Cimcor’s CimTrak Integrity Suite, which alerts an enterprise of potential breaches by detecting real-time changes to its information technology’s infrastructure. CimTrak monitors the integrity of critical files, folders, configuration settings, users, policies and authorized registry keys. It also offers complete visibility into a breach from detection to recovery, tracking and encrypting all of the forensic details of the attack and storing them in its database.
DefenseStorm, a cybersecurity company that consolidates security data from all of a bank’s data sources to provide a comprehensive view of online security. Its Threat Ready Active Compliance team co-manages and monitors the network in conjunction with the bank, so it doesn’t necessarily need to have a full-time cybersecurity officer or team on staff. DefenseStorm was selected as a finalist for Bank Director’s 2021 Best of FinXTech Awards.
Illusive, a fintech that plants deceptive data — information that looks exactly like what attackers need to progress in a cyberattack — across a bank’s network, servers and endpoints, which are physical stopping points that include laptops, desktops, workstations and mobile devices, etc. Once attacked, Illusive detects and captures forensics from the compromised machine.
Banks are constantly put in high-risk situations, and one cyberattack could derail decades of relationship building. Finding the right technology providers to help thwart attacks, partnered with adaptive internal policies, procedures and training, could give a bank the proactive stance it needs to protect its data, assets and customers in the new Wild West of today.
*All three technology companies are included in Bank Director’s FinXTech Connect platform, a curated database of proven financial technology solutions that are working with banks to better connect them with digital offerings. Fintechs cannot pay to be included and are selected through an interview and vetting process. For more information, please email [email protected] with any questions, comments or concerns.