[November 19, 2014]
Booz Allen Releases Annual Financial Services Cyber Trends for 2015
MCLEAN, Va. --(Business Wire)--
If 2014 was the "year of the breach," then what future cybersecurity
threats await us? What's the next mode of attack, and how much worse
will it be? That's the question on the minds of financial services
companies as they invest in cyber protection measures, manage growing
customer concerns and try to predict what's next.
It's also the question the cybersecurity experts at Booz Allen (NYSE:
BAH) have sought to answer as they look to 2015 and beyond.
Today, cyber security is a priority issue for every stakeholder in the
financial services industry - investors, consumers, regulators, employees
- all the way up to boards of directors. That makes the "tomorrow"
question - how will the threat evolve? - all the more important.
"When it comes to cyber, clients are wary that they are studying to
fight the last war," said Bill Stewart, a Senior Vice President with
Booz Allen who leads the firm's work in the financial services sector.
"They're looking for a fundamentally different way to deal with the
cyber threats of the future, based on a clear understanding of those
emerging threats. Yet, we must remember that people are launching
these attacks and people are making business decisions that
create vulnerabilities. To get ahead of and manage these threats we need
the right balance of technology and highly skilled analysts with
intelligence tradecraft and data analytics skills."
To help financial services companies better anticipate future threats
and identify new approaches to cyber security, Booz Allen, as it does
annually, has assembled its list of Cyber Trends for 2015 and beyond.
The list is based on conversations with CISOs, CIOs, CPOs, chief risk
officers, and other leaders in the financial services sector, as well as
Booz Allen's own extensive analysis of cutting-edge cyber issues and
threats.
"Even as cyberattacks are a daily occurrence, we are seeing some major
changes on the horizon," observed Booz Allen Principal Albert Belman.
"We know the nature of attacks will evolve, yet how? Booz Allen takes a
lifecycle approach - Anticipate, Protect, Detect, Respond and Recover -
that can address critical questions such as this. When you link together
all of these segments, they become very powerful tools that can help our
clients thrive in this time of increasing peril."
The Top Financial Services Cyber Security Trends for 2015:
- Third-party risk moves to the top of the list. Like other
sectors, the financial services industry is a huge mesh of intertwined
capabilities. Companies are already aware of the potential cyber risks
associated with partners, vendors and other third parties and are
feeling more pressure from U.S. and European regulators to better
manage this risk. As illustrated by numerous breaches this year, the
security posture of critical third parties, such as the retail
industry, can have a profound impact on financial services firms. In
2015, there will be a shift towards active cyber risk mitigation and
monitoring with third parties, versus the current "self-certification"
process that is proving less reliable. Third-party relationships will
no longer be an afterthought and security will be built in by design
into any product, service, solution or software capability provided by
a third party - and subject to frequent testing and updates.
- The rise of the "fusion center." Financial services
institutions have increasingly sought a holistic, integrated approach
to cyber security, yet it has often proven elusive. Now, firms are
building cyber "fusion centers" that better integrate the many
different teams - fraud, cyber, IT, physical security, product
development - to boost intelligence, speed response, reduce costs and
leverage scarce talent. The result: more efficient and faster threat
awareness and mitigation.
- Information protected at the database and data element level. It
is the most important question: how does a firm protect its most
valuable, sensitive and regulated data and where is it located? In
2015, the discussion will move away from "building bigger walls" to a
"defense in depth" risk-based approach around high-risk and high-value
repositories that limits the value of raw data (for example, debit
card PINs). The use of tokenization, chip cards and other solutions
will increasingly render stolen data useless to hackers.
- Rise in alternative payment systems creates exposure. As
companies continue to roll out - and consumers embrace - new
electronic, wireless payment systems, hackers are presented with more
targets. In particular, use of underlying technologies like Bluetooth
or NFC (near-field communications) creates opportunities for cyber
attacks and breaches. Simple "bench testing" of new systems will not
suffice: companies must adopt a holistic approach that assumes a
breach will happen and protects the data.
- Cyber crime analysis evolves away from brute force to big data.
Traditionally a labor intensive, second-by-second process, cyber crime
analysis will increasingly move towards more of a big data approach.
The use of powerful, real-time analytics across multiple data sets -
both structured and unstructured - will vastly improve the quality and
speed of real-time cyber threat analysis while greatly reducing
overall cost.
- Hacktivism spreads to the Middle East. Long directed at U.S.
and European-based multinationals, hacktivism will become a major
threat to financial services institutions in the Middle East. Regional
threat actors have adopted local grievances and formed around
hacktivist collectives similar to or associated with Anonymous. The
proliferation of cyber tools and hacking knowledge is giving
independent hackers and loosely connected groups an opportunity to
participate in cyber attacks against the region's financial sector.
Some popular targets are already emerging, like the Saudi Stock
Exchange (Tadawul) that was targeted in early August 2014 by regional
hacktivists, Izzah Hackers and AnonArabOps.
- "Western" cyber problems are coming to a developing nation near you.
Economic prosperity and light-speed growth in mobile banking in some
countries have bypassed regional and local financial organizations'
ability to manage threats. As a result, phishing, ATM skimming and
banking malware are no longer the sole concern of "Western" or
multi-national financial firms. Industry research shows that the Gulf
Cooperation Council (GCC) region experiences ongoing threats,
including widespread banking malware in the UAE and a significant
amount of phishing attacks in Saudi Arabia.
- Wargaming drives incident response preparation. Looking ahead,
financial services firms will borrow from the military to adopt better
approaches to preparation and simulation training. In particular, the
use of wargaming - as opposed to more rudimentary testing - will help
firms better understand - and prepare for - those seeking to attack
their cyber defenses.
- Everything firms know about privacy has changed. The next
generation of privacy is focused on the halo of information around
individuals - the transactional, behavioral and navigation information
generated as individuals move and interact through the online and
physical world. This information is not currently regulated, yet
consumers expect a high level of protection. Companies that manage
this well will create a competitive advantage through customer loyalty
and insight.
- Cyber insurance usage grows while coverage and ability to
successfully make claims shrink. The NIST Cyber Security
Framework, financial statement reporting requirements and D&O
insurance risk have created a new perfect storm of potential
liability. The insurance industry, where premiums are projected to
grow to more than $2 billion, is in a race to actuarially quantify new
cyber risks and to carve out coverage of large, uncertain future
risks. Insurance companies - increasingly litigating with policy
holders over coverage - are insuring not only future financial loss,
but also brand, reputation and goodwill.
"In the months and years ahead, what it means to detect and protect in
cyber will be redefined," said Sedar LaBarre, a Principal with Booz
Allen. "We are working with clients to look at their business and
operations in a fundamentally different way, as hacking becomes the
weapon of choice for criminals, state supported actors and anyone with a
grievance and a computer."
About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management consulting,
technology, and engineering services to the US government in defense,
intelligence, and civil markets, and to major corporations and
not-for-profit organizations. Booz Allen is headquartered in McLean,
Virginia, employs more than 22,000 people, and had revenue of $5.48
billion for the 12 months ended March 31, 2014. In 2014, Booz Allen
celebrates its 100th anniversary year. To learn more, visit www.boozallen.com.
(NYSE: BAH).