PwC predicts top cybersecurity risks of the future
Cybersecurity is a hot topic in corporate governance circles, and many financial institutions (FIs) are committed to staying abreast of the latest trends and developments in the industry.
Criminals are constantly adapting their techniques to exploit weaknesses in business structures, which means IT security professionals must understand current risks and future threats. But how can FIs predict the future?
Well, help may be at hand because PwC has published a new report that examines disruptions in the financial services industry and tries to predict what businesses can expect within the next four years and beyond.
A previous study from the Big Four firm showed 69 per cent of CEOs within the sector claimed they were ‘somewhat’ or ‘extremely’ concerned about cyber threats. The average for chiefs across all industries was 61 per cent.
PwC said this trend is unlikely to change anytime soon, so let’s have a look at some of the potential cybersecurity risks that FIs face from 2020 onwards. We’ll also examine some of the potential solutions that businesses can implement to overcome these challenges.
Cybersecurity risk factors
Outdated information security models are a key problem for FIs. PwC noted that many businesses still use the same frameworks they’ve had in place for years, despite the rapid advances in information risks over the last decade.
Meanwhile, a number of forces will continue to exert pressure on cybersecurity measures within organisations, including:
- Cross-border data exchange
- Third-party vendor use
- Evolving technologies
- Increased mobile use
According to PwC, cyber attacks are becoming increasingly lucrative for sophisticated fraudsters and other criminals. Earlier this year, hackers using malware managed to extract tens of millions of dollars from Bangladesh’s central bank.
“With incentives like these, criminals will continue to look for similar vulnerabilities in the future,” the authors of the report stated.
“And there are ominous signs that things could get worse, as certain threat actors now appear to be working together to carry out attacks.”
One area where PwC believes FIs should make significant efforts in the future is the Internet of Things (IoT), so let’s investigate how connected devices can create security issues.
Tackling IoT security issues
The IoT refers to the growing network of physical objects that use software and sensors to communicate with each other. This can include wearable technology, such as smartwatches, as well as cars, homes and even kitchen appliances.
A recent UK government report said there will be six billion such devices in use worldwide this year, with this figure expected to rise to 20 billion by 2020. Citing different sources, PwC claimed the number could go as high as 25 billion.
“Banks are forming partnerships with wearable technology manufacturers to allow customers to make mobile payments using watches or fitness trackers,” the report noted.
“Insurers are using telematics technology to monitor driving habits and provide discounts to safe drivers.”
However, increased adoption of IoT technology opens FIs up to a range of different threats. These include privacy concerns, as the massive quantities of data collected across multiple devices could breach consumer laws.
Hackers can also gain access to bank networks through compromised IoT products, making effective device management a crucial issue, particularly with the number of connected technologies within organisations.
Ultimately, the PwC report advises banks to identify cybersecurity challenges before they become urgent.
Formulating a strategy
There are many different elements that comprise a sophisticated defence against malicious digital attacks, including investing in the latest tools, securing senior management buy-in and attracting the best talent.
For example, cutting-edge data-mining software can help FIs optimise fraud detection by examining unstructured and structured data to spot anomalies. An increasing number of firms are also exploring cloud-based technologies to block attacks, boost collaboration and maximise intelligence-gathering and modelling techniques.
“Frankly, if you do not mitigate cyber-risks effectively, you could jeopardise the ongoing success of your whole institution,” PwC explained.
Organisations were advised to focus on acquiring, developing and retaining talented staff to help build the ideal cybersecurity environment. Businesses could also benefit from training regular employees about risks in this area.
A recent study from ISACA showed more than half of UK workers don’t receive any awareness training for cybersecurity issues. In fact, 36 per cent said they would be unable to recognise a phishing attack and 19 per cent had fallen victim to such threats in the past.
“It is critically important that we create awareness in cybersecurity and in multiple roles within an organisation,” said Christos Dimitriadis, chair of ISACA’s board of directors.
“The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”
As we can see, cybersecurity is an issue that’s likely to be a core concern for many organisations well into the future. But with the right strategy, security professionals and training in place, businesses can better prepare for these risks.
Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.
Image: Matej Moderc via iStock.