The pandemic has impacted many areas within financial institutions, including security.
As companies had to focus on the acceleration to digital, financial institutions have understandably prioritized immediate financial and operational measures such to keep core business activities going. However, our increasingly digital-focused world has brought on heightened levels of fraud and security issues.
The impact of the COVID-19 crisis on online fraud in the first quarter of 2020 shows that 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter. As threats increase and fraudsters become more sophisticated, financial institutions must prioritize and be proactive in protecting themselves, their clients and data. Security has been and will continue to be, one challenge businesses must learn from and adapt to as we move toward a post-coronavirus era.
Security complexities and the importance of response planning
As systems and software processes become more complex, financial institutions will need to review and update current security efforts throughout external and internal channels and operations. As we’ve seen with past and present crises, businesses of all sizes are vulnerable to digital attacks. In order to remain at the forefront of digital and cyber-attacks, financial institutions should consider the following points.
- Use a multi-layered approach. A blanket approach only hinders your institution’s ability to create a personalized, scalable, and flexible solution designed with the end customer in mind. Use intelligence-driven, targeted security solutions to mitigate risks and balance your business needs with your consumers’ expectations for privacy. Ensure that your security plan has the ability to scale additional protections to accommodate your risk-based strategies and varying deployment environments. A multi-layer approach is critical to ensure your fleet is protected from threats of all kinds – cyber, data breaches and physical attacks.
- Be proactive. Create a security plan that addresses not only what to do if an attack occurs, but one that regularly strives for consistent security practices as part of day-to-day business. Having a set schedule of when new software updates or patches get applied are great ways to be proactive rather than reactive. Patching for a vulnerability that’s been identified one month ago rather than 12 months ago can greatly lessen the risk of an attack.
- Update older systems. People, and especially criminals generally want to find the easiest means to their end. This means criminals know it’s much easier to target and exploit older, out-of-date networks and devices. When they know systems are unpatched or on unsupported software, it makes for an easy target. It is mission-critical to update, refresh, patch and secure those older systems and take away the low-hanging fruit. If they’re going to attack your network, at least make them work for it.
- Always on and armed. Whatever solution is implemented, ensure you have the adequate resources and tools put in place to protect your customers’ data from theft and combat attacks all the time. Even when systems are being updated, security has to be on its toes to continually protect, because during IT maintenance timeframes – odd hours, on weekends, and when systems are in a mode when security protocols are reduced – is exactly when criminals find it as a perfect time to attack. Your boots on the ground are just as important, employee and end-user training to all channels, including ATM devices and self-service end-to-end solutions are critical to be aware of attacks and how to spot odd behavior.
- Connect the silos. Disparate, separated networks and silos favor criminals looking to exploit a network – being able to infiltrate one area that may be outdated to then propagate the attack elsewhere and spread. Implementing controls and solutions which connect, monitor, track, and identify anomalous behavior from all channels allows for greater insight and a faster response to the entire network, fleet, or ecosystem you’re looking to protect.
- Implement a zero-trust policy & do the due diligence. Does this mean we’re not supposed to trust anyone? Not necessarily, but when it comes to a more digital organization and data that’s being shared across various groups and going to the end users and employees, whom of which are being targeted, the attack surface is greatly increased and translates to greater risk. To limit this, it’s important to take all potential threats and warning signs seriously, and outline steps to ensure your network is protected. Review your protocols, check passwords and keys, and conduct a thorough round of due diligence on your current settings and passwords to ensure you’re prepared for potential attacks.
- React with purpose. Being proactive and creating a security strategy is important. But one of the most critical times is when an attack occurs and dealing with it appropriately. While it may seem obvious, sometimes it is the most difficult to follow the plan and procedures to remediate the attack. In times of uncertainty and emergency, it’s easy to over, or under-react, but it’s best to stay the course and execute the plan you’ve laid out as quickly as possible.
These basic tips can help avoid or mitigate some of the most common security threats today, but the need for heightened vigilance is paramount. It is uncertain how long financial institutions will have to navigate uncertainty, but it becomes more important for firms to be proactive in assessing and addressing the new emerging risks and the changing priorities.
—
This column does not necessarily reflect the opinion of FinLedger’s editorial department and its owners.
To contact the author of this story:
Simon Powley at simon.powley@dieboldnixdorf.com
To contact the editor responsible for this story:
Mary Ann Azevedo at maryann@finledger.com