In Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets study, the consulting firm reported that the rate at which cyber-attacks on banking and capital markets firms are successful dropped from 36 percent in 2017 to 15 percent in 2018. Despite the improvement, one in seven cyber-attacks remains successful, raising the broader question of what else, if anything, banks and capital market firms could be doing to protect themselves from attack.
While banks and capital market firms continue to improve their cybersecurity, cyber criminals continue to improve their methods of attack as well. For example, while phishing and other more traditional attacks remain a threat, cyber criminals have begun using machine learning/artificial intelligence (“AI”) and automation technologies to develop more sophisticated attacks. Indeed, the first AI-powered cyber-attack was detected in 2017. To keep up with the cyber criminals, the Accenture report recommends that banking and capital market firms invest in these same technologies to counteract these attacks. But only 43 percent of the firms surveyed are investing in AI and 38 percent in automation technologies for purposes of cyber defense, suggesting one area of potential improvement.
The increase in the sharing of data with third parties, open banking, and the rapid growth of Internet of Things (“IoT”) devices also pose significantly increased cyber risks. Encapsulating these risks was a 2016 attack in which hackers using IoT devices rendered much of the Internet inaccessible to the east coast of the United States. The bot used in that attack has also been used to attack banks. After gathering and digesting information about recent cyber-attacks, Accenture made the following recommendations for banking and capital market firms looking to further improve their cybersecurity:
- Firms should continue investing in cybersecurity. Only 22 percent of firms surveyed doubled their cybersecurity spending over the past three years, and only 34 percent plan on doing so within the following three years.
- Firms should work to identify breaches quickly. Sixty-two percent of the firms surveyed took more than 30 days to remediate a breach. But a breach must be remediated in a few days at most to contain the damage.
- Business units across a firm should be involved in cybersecurity. Of the 36 percent of breaches not detected by a firm’s cybersecurity department, 72 percent were identified by employees.
- In measuring success, companies should focus on how often a system went down and for how long; how long it takes to restore activity; and how long it takes the cybersecurity team to identify and secure a breach.
- Internal threats must be identified and addressed, or placed under surveillance. The most common cybersecurity breaches come from within, i.e. “malicious insiders.”
- Companies should hold their vendors and partners to the same cybersecurity standards they hold themselves. Only 38 percent of the firms surveyed hold their partners to the same cybersecurity standards that they set for themselves.
- Periodically conduct stress tests on cybersecurity software.
- Avoid emphasizing perimeter controls, such as firewalls and intrusion detection systems, as these can be easily bypassed.
While banks and capital market firms made significant strides in their cybersecurity over the past year, they will need to continue their efforts to make even further progress.