Ethical Hackers Are The Financial Industry’s Solution To The Cybersecurity Challenge

By Dane Sherrets, Solutions Architect at HackerOne

The finance industry has long made peace with the fact that it will always be a prime target for cybercriminals. And yet the frequency and intensity of attacks in the years since the pandemic have disarmed even the most jaded industry veterans. It would be unfair to claim the finance industry hasn’t been proactive about protecting its assets from attackers—but it has also become clear that it hasn’t been nearly proactive enough.

The last month alone offers ample testament to the need for a more comprehensive approach to cybersecurity. First, in early November, the U.S. financial services division of the Chinese bank ICBC was hit by a ransomware attack so severe that it temporarily disrupted trading in the U.S. Treasury market. Just over a week later, a threat group successfully infiltrated the systems of Fidelity, among the largest title insurance companies in the US. The attack sent shockwaves through the housing market and forced Fidelity to block access to parts of its systems for days.

It is a given that the costs of a cyberattack—reputational and financial—make improving cybersecurity systems a first-order priority for financial institutions. But it’s increasingly become clear that one of the best ways to fend off the bad guys—and keep customer data safe—is to enlist hackers of your own.

Why the financial services industry is uniquely vulnerable

Before explaining why ethical hackers are such a valuable solution for the finance industry today, we should pause to explain some of the reasons why the industry finds itself in such a uniquely vulnerable position at this moment in time.

Again: the finance industry has, to its credit, spent much of the last decade working to fortify its systems against attack. In this pursuit, it has been spurred along by government regulatory agencies, which understandably demand much more stringent compliance protocols from financial institutions. And yet, it would seem the industry remains uniquely vulnerable. Why?

Part of the problem here stems from third-party vendors, which financial institutions are relying on to an increasing degree, using, in some cases, thousands of vendors to keep their operations running smoothly. This outsourcing is at once a necessary part of doing business and a major risk for these institutions.

But this increasing reliance on third-party vendors is itself a symptom of a larger trend remaking (and imperiling) the financial industry—namely, the increasing digitalization of every aspect of finance in the wake of the COVID-19 pandemic. With multi-cloud the norm throughout the industry, the range of potential targets has widened at an alarming rate.

And, while it’s true that stricter regulations compel the industry to identify and fix vulnerabilities before a product goes live, it is also the case that these protocols can provide a false sense of security, leading more elusive vulnerabilities to persist unnoticed. In this environment, it’s clear that one of the most viable defenses available to the finance industry is hackers. Our 7th Annual Hacker Powered Security Report provides some valuable insight into why this is the case.

One theme of the report is that—at precisely the time when security is most needed—security budgets are being wantonly slashed. Per the report, one-third of companies made security budget cuts last year, and one-third plan to do the same in 2023. The result of this industry-wide contraction is that IT teams are almost uniformly understaffed and overstressed—a dangerous combination at any time, let alone the most dangerous moment for cybersecurity in history.

How hackers can help

This is where ethical hackers can help. The skill set possessed by hackers differs significantly from that of the average IT employee—they understand how their bad-actor counterparts think on a deep level and are able to identify vulnerabilities that more traditional cybersecurity professionals might miss. It’s not surprising, then, that 70% of survey respondents said that hacker efforts helped them to avoid a significant security incident: hackers are the only people who have the skill sets required to stop attackers at the gate and keep finance organizations running smoothly.

Hackers, it’s worth noting, accomplish this at a fraction of the cost of what a financial organization might pay to retain a full-time staff member or a long-term security partner. They can plug the gaps without stretching your budget—identifying vulnerabilities on an as-needed basis. Per the report, the average cost of identifying a bug across industries is between one and four thousand dollars—pocket change next to the cost of an actual breach.

And while the finance industry has spent the last year testing use cases for generative AI (GenAI), that same technology has made hackers even more of a necessity, as bad actors begin leveraging GenAI for sophisticated attacks. Unsurprisingly, the majority of respondents (55%) said that GenAI will become a major target for them in the coming years, while for 14% it is already a significant tool.

As recent events suggest, things are going to get much worse for the financial industry before they get better. Just how bad things get for the industry, though, is potentially in its control. The fact is that hackers are the only group of people who can truly understand the attacker mindset: they are photo negatives, flip sides of the same rare coin. Financial institutions that internalize this insight will be significantly better positioned to weather—and perhaps even avoid—some of the catastrophes to come.
