When was the last time you heard about a large-scale bank heist? It doesn’t happen often. Rather, today’s high-stakes crimes take place in the form of cyberattacks. The financial services industry (FSI) generally ranks better than most industries in the BSIMM (Building Security in Maturity Model) survey of software security initiatives, but even then, most institutions are not doing enough.
Here, we’ll go over the current state of cybersecurity in financial services, what can be done to address security concerns, and the tools that can help.
State of Cybersecurity in Financial Services Today
Today, 70% of community banks claim cybersecurity is their top concern –– a priority made with just cause. The FSI is 300 times more likely to experience a data breach or other form of cyberattack because of how valuable their assets are. Most of these attacks are executed through phishing attempts and credential stuffing, as seen in the Capital One data breach of 2019.
With so many valuable assets on the line, it’s no wonder the FSI is highly concerned with cybersecurity while also being a big target. So, what can be done to protect the FSI from these sorts of attacks?
Securing Identities in Financial Services
A user’s identity is their key to data, applications, networks, and other IT resources. However, without verifying a user’s identity through multiple factors, a bad actor can easily access sensitive data with an authentic user’s credentials.
To reduce such vulnerabilities, the FSI should require multi-factor authentication (MFA) on as many resources as possible –– including files, networks, applications, and endpoints. They can accomplish this by using authenticator-compatible solutions, which send temporary codes to a user’s smartphone or email address to gain access to their applications and/or devices. This can prevent bad actors from gaining access to the network, as they would need information that’s much more difficult to obtain to do so.
Alternatively, they could use a cloud-based directory service to not only require MFA, but also to enforce security policies on workstations and manage privileged access to IT resources.
Aside from MFA, there are other ways to protect your system. You can install robust antivirus software on all devices, enforce full disk encryption (FDE), disable USB access and guest accounts, and enforce screen lock. Here’s how they break down:
- Antivirus prevents malware from infecting workstations, inhibiting their functionality, and compromising their data.
- FDE secures data stored on a hard drive by preventing anyone without the correct credentials or key(s) to decrypt the information.
- Disabling USB access blocks any malicious code from entering the network through an infected USB stick.
- Guest accounts allow users to anonymously access resources, so disabling them deters internal sabotage.
- Enforcing screen lock prevents third parties from interfering with another’s data while they’re away.
Another way the FSI can protect user identities is by training staff regularly on cybersecurity best practices. Perhaps, the most important threat users should recognize is when they are targeted by a phishing attack. However, if a user is lured by a phishing attack, FSI organizations have a few options for protecting their networks.
They can implement the principle of least privilege, meaning every user only has minimum access to the resources they need for their jobs. This mitigates the damage a bad actor could do by preventing them from accessing too much of the network. Then, as an additional layer of network security, admins can segment the network to protect themselves from being compromised entirely.
Another way to protect the network is to guard WiFi access. To do this, there should be no shared WiFi credentials. Shared credentials can easily be spread to users with malicious intent. Authenticating users via RADIUS ensures that each user has a unique set of credentials so that only trusted parties have access to the WiFi network.
Assembling all the tools that allow you to construct a strong defense against cyberattacks can be time consuming and expensive. Fortunately, there is a solution that can provide many of the aforementioned capabilities from one platform.
Cloud Directory Improves Cybersecurity
A cloud directory service can provide MFA, RADIUS authentication, network segmentation, privileged access management, and many other cybersecurity features from a secure, cloud-based platform.