Cyber security is a constantly evolving field. As soon as experts manage to contain one threat, hackers move on to another. It's a constant game of cat and mouse that will likely never end.
Of course, this doesn't mean financial services firms should neglect their cyber defenses. Security is a moving target, and organizations need to be constantly reevaluating their preventative measures. Therefore, with 2017 on the horizon, it's important to start thinking about how cyber security will change in the new year. Let's take a look at what challenges IT departments can expect to face in the coming months.
1. New York regulations could signal future nationwide changes
As cyber security becomes an increasingly important topic in the eyes of consumers, many government agencies are stepping in to try and help ensure that customer information remains secure. The most recent development here was New York's push to more heavily regulate how financial institutions handle their digital defenses.
According to The Hill contributor Christopher Ensey, it would appear most of the new regulations are trying to set up a baseline for preventative measures within finance. One of the biggest changes is the new rule demanding organizations hire or promote a Chief Information Security Officer. Companies are also required to implement penetration testing into their current operations to sniff out potential vulnerabilities. Multi-factor authentication is also being pushed here, a point that will be discussed further below.
Opponents of this change have stated that most financial institutions already implement these kinds of security checks, and that this new regulation is ultimately redundant. While this is certainly true of larger businesses, smaller companies don't always see the value in hiring a CISO or testing their defenses on a regular basis. Simply creating a basic set of rules for security could help these smaller organizations truly understand what they're dealing with. Whether or not this kind of legislation will take hold in other states remains to be seen, but it certainly wouldn't be surprising to see others follow New York's example if all goes well here.
2. Increasing importance of proper authentication
The new year might also be a perfect opportunity for companies to improve the strength of their login credentials. A major issue facing every industry is the fact that employees very often reuse passwords. While this certainly makes it easy to remember the information needed to log into multiple accounts, it also seriously increases the likelihood of a security breach.
The reason for this is that it only takes a single breach of one account to compromise every other profile a person holds. When hackers gain access to a list of login credentials that an organization is storing, they very often try them on other sites to see if they'll work. If a staff member happens to use the same password and email at work as she does on her social media platforms, she's simply opening herself and the company up to an attack.
Not only do employees need to be told that they can't reuse passwords for work-related accounts, it's also important to set up multi-factor authentication. This is where the user needs access to extra information or devices in order to gain entry to a system. Something like sending a text to confirm a login would be considered multi-factor authentication.
3. Spear phishing has been (and will be) a big problem
The most terrifying cyber attacks are the ones that rely on human error, with perhaps the scariest of these being spear phishing. In this technique, a hacker sends a personalized message to a person of power within a company. The message is crafted after the cyber criminal has spent time researching the target, and the sender may even masquerade as a friend or colleague. The end goal is to get the victim to either give up sensitive information or click on a link containing malware.
Due to the simplicity of this kind of attack, many companies fall victim to spear phishing and end up having to deal with major breaches. One of the best examples of this was the heist that was pulled off by the Carbanak gang. This incident saw nearly $1 billion stolen from multiple financial institutions, and it all started with spear phishing campaigns designed to compromise internal networks and banking systems, according to Security Intelligence contributor Limor Kessem.
While more technologically advanced solutions are obviously going to help the finance industry keep hackers out, it's also important to consider the human element here. People make mistakes, but it's important to ensure that employees are set up for success. This includes training sessions designed to ensure workers know how to avoid dangerous situations. On top of that, IT administrators should work to lower the number of people with administrative abilities. Simply lowering the number of points of failure can have a major impact on future security.