From insider data breaches, like Edward Snowden releasing classified National Security Agency (NSA) information, to nation-state actor hacking threats, such as the alleged role of Russian intelligence in the 2016 Democratic National Committee (DNC) email leaks, information security concerns continue to make global headlines.
According to recent findings from CoreData Research, investors believe security and data protection are most in need of improvement and innovation within the financial services industry. Almost seven in ten (68%) US investors report this at a time when online and mobile transactions have never been more widely used. Investors are understandably worried about the security of the platforms they bank with and invest through.
As the financial services industry increasingly relies on digital technology, cybercriminals are becoming more sophisticated in their techniques. Whether politically motivated by so-called “hacktivists” or monetarily driven by organized crime, financial institutions need to be vigilant and on the lookout for new methods of attack.
Moreover, financial institutions need to secure not only their own cybersecurity controls but also those of the third-party vendors they outsource to. Any party with access to client data and information is potentially vulnerable to a cyberattack. This represents an area where many firms in the industry need to do more. Where breaches are traced to third parties, it is often the principal firm that ultimately suffers the consequences.
Financial institutions have transferred much of their businesses to digital in a bid to improve efficiency and customer service. With cybercriminals continuing to find new entryways, the fight for data security appears endless. But do we need to accept these breaches and their ensuing consequences as an occupational hazard and a tradeoff for the benefits that digital brings?
A cyberattack can dent the reputation of a financial firm and result in lower customer confidence. Cyberattacks also pose a host of dangers for consumers, the effects of which are amplified the longer an attack goes undiscovered. In the JPMorgan hacking scandal, which impacted approximately 76 million households in the summer of 2014, hackers gained access in June, but the attack was not discovered until July and not completely contained until mid-August.
One potential weapon that could prove useful in the fight against cybercrime is blockchain. The technology that powers bitcoin could potentially redefine cybersecurity standards. The same CoreData findings reveal that US investors think blockchain is one of three technologies most likely to have the greatest impact on financial services in five years.
Blockchain is a consensus-driven decentralized ledger that records encrypted digital asset transfers without the need for a confirming third party. Because blockchain is unalterable, transparent and not subject to third-party confirmation, it can be especially valuable in protecting against cyberattacks. Nasdaq has built its own blockchain platform called Linq, which has successfully completed and recorded private securities transactions. What does this mean? Faster clearing and settlement, lower administrative burdens and potentially better security.
But while some view blockchain as a solution to cybersecurity threats, others look to its vulnerabilities. If hackers were able to infiltrate the system, its configuration would instantly become a headache. Interpol has presented research where arbitrary data can be injected into the database, demonstrating these potential vulnerabilities.
In today’s world, it would appear we must accept some level of cybersecurity risk. There is no foolproof protection plan. But we also must take great care in responding to, and regulating the aftermath of, such fallouts.
Regulation is currently lagging behind when it comes to responding to the consequences of large-scale data breaches. While the Data Security and Breach Notification Act of 2015 requires financial institutions to disclose all information about security breaches to the Federal Trade Commission (FTC), many are clamoring for more regulation. Ultimately, financial firms must adapt to, and accept, heightened scrutiny.
Like investment risk, cybersecurity risk can be reduced and managed but not eliminated.
Investor confidence in data security is low and perhaps understandably so. At the time of the JPMorgan scandal, many thought banks were almost impenetrable due to the extensive effort and financial resources pooled into security. While cybersecurity checks are more vigorous, cybercriminals continue to find ways around them.
Are financial institutions prepared for cybersecurity threats? They are as prepared as they can be given current available protections. And firms continue to improve and sharpen their prevention capabilities. But for now, investors will have to accept a level of risk to reap the rewards of digital.