Cybersecurity has always been a top concern within financial services, but COVID-19 has moved the spotlight squarely on it as fraud schemes and post-pandemic threats emerge.
Cybersecurity was a top priority for financial institutions (FIs) and financial service providers before the COVID-19 crisis, though the shifts in behavior and technology caused by the pandemic have made it an even more critical concern. As contactless payments, emerging technologies, and an acceleration in remote work take center stage, FIs and payments organizations must reinvest in systems and programs that will protect sensitive data.
Changes to environments and IT complexities present a significant cybersecurity challenge to payments companies. Digitally-enabled cybersecurity can help FIs mitigate emerging cyber risks, but this requires closing the gap between cybersecurity and IT. Finding the right balance can be difficult for organizations that want to make independent risk management decisions that are not bound by IT constraints.
Investments in cloud technology, automation, and analytics can streamline this process and help FIs and other financial service providers navigate the converging fronts of employees, vendors, and customers who are often operating on remote and sometimes siloed systems.
Digitization of payments has been in motion for nearly a decade. More recently, efforts toward digital transformation have ramped up to meet increasingly sophisticated consumer expectations, though some firms have moved more quickly than others. Undoubtedly, COVID-19 has accelerated the digital efforts for many organizations as employees were forced to work remotely and shutdowns shifted business to the virtual realm.
The near-instantaneous shift has thrust complications into the laps of cybersecurity teams, IT departments, and chief information security officers (CISOs), who were called to secure operations as they moved to digital. Remote work presented an especially difficult challenge as it expanded attack surfaces for shrewd hackers and cybercriminals. In April of 2020, the New York Department of Financial Services (NYDFS) went so far as to issue new guidance to all regulated entities in the state, highlighting “a significant increase in cybercrime” due to the COVID-19 epidemic.
The financial services industry has a target on its back. According to the VMware Carbon Black Global Incident Response Threat Report, up to 51% of post-COVID-19 attacks have targeted the financial industry. As more workers move to remote workspaces, a secure network becomes paramount to inhibit cybercriminals from accessing sensitive information from workers.
Financial services must proceed in a heightened state of caution when it comes to post-pandemic cybersecurity. Bad actors have a keen eye for low-hanging fruit and COVID-19 has weighted the branches for some financial services providers. Fraud attempts that aimed to disrupt economic payments from the Coronavirus Aid, Relief and Economic Security (CARES) Act were plentiful, prompting the U.S. government to issue an alert to Americans that cybercriminals could be trying to steal personal and financial information through coronavirus lures.
While remote work has expanded attack surfaces, complex supply chains are interconnecting them. The interdependent supply chains among FIs, fintechs, payments companies, and other financial services providers present a target-rich attack surface that cybercriminals have been pursuing for years. As connectedness increases among financial services players, bad actors are taking advantage to target cloud service providers (CSPs), technology service providers (TSPs), and managed services providers (MSPs). In some cases, financial TSPs have fallen victim to ransomware attacks that disrupted services for FI clients.
FIs are also facing data theft and data manipulation as emerging cyberattacks aim to destroy or change data and introduce distrust to the system. FIs must emphasize cloud security and identify vulnerabilities that could lead to data theft, destruction, or manipulation.
According to the 2020 FS-ISAC/Deloitte Cyber & Strategic Risk Services CISO survey report, cloud has held the top spot for emerging technologies in which large financial institutions want to invest. While many FIs and payments companies already have at least partial IT infrastructure in the cloud, many are in the phase of migrating core business applications. Others are aiming to deploy new apps directly on the cloud.
Cloud service providers are also stepping up to the plate with new offerings, including automation-as-a-service and analytics-as-a-service. Considering that data and analytics was the second most important technology priority for FIs in the survey, it’s no surprise that cloud providers are augmenting offerings with these types of services. The key is to maintain security even as data and applications move outside of the traditional security perimeter.
Remote work and the acceleration of digital transformation within payments and financial services have driven up demand for workloads in the cloud that can meet security and compliance needs. As companies progress in their transition to the public cloud, security will remain a top focus. This will require architectures, processes, and operating models capable of protecting sensitive data.