
With Financial Sector Cyber Risks Soaring, What Are Your Options?

By Jason Harrell, DTCC Managing Director, Operational and Technology Risk, Head of External Engagement | 3 minute read | April 14, 2022

Cybersecurity continues to top the list of risk management concerns across the financial services industry.

A survey of more than 200 operations and risk professionals at the end of 2021 saw respondents naming cyber risk the top overall threat to the industry. More specifically, over half the respondents had cited cyber risk within their top five threats, with 24% identifying it as the top risk facing the global financial system in 2022.

With the evolving nature of the cyber threat environment and the technology-driven shifts in the delivery of financial services, it is critical that firms routinely assess their security measures to address the changing risks they face.


In carrying out continual assessments of risk, firms should be mindful of how the geopolitical environment, pandemics, and natural disasters may impact business operations so that they can develop the capabilities necessary to address threats quickly and effectively.

Surprising developments in ransomware, third-party, and emerging technology risks have required firms to re-examine their exposure to these threats.

A quick review: ransomware attacks are on the rise globally.

  • In the US, the FBI received more than 2,400 reports of ransomware attacks in 2020, which cost victims at least US$29 million.
  • In the UK, the infamous 2017 WannaCry cyberattack reportedly cost the NHS £92 million through services lost during the attack and IT costs in the aftermath.
  • In Asia, Singapore rose from being ranked 44th for the share of ransomware attacks in 2019 to 21st in 2020.

Attacks can and sometimes will get past defenses; it is how an organization responds when an attack occurs that is critical. To hone resilience, tabletop exercises and simulations that replicate ransomware attacks can be beneficial in preparing firms for these types of events and to work toward timely recovery.

The landmark 2020 SolarWinds breach is an example of a supply chain attack, in which the intrusion into the victim’s network was facilitated by first compromising one of the victim’s trusted suppliers.

Supply chain attacks can have broad impacts due to the interconnectedness between financial institution systems and the expansive customer base of the third-party provider. Because of the growing risk, financial services firms are applying robust risk management practices around the adoption of any new software or third-party products to identify security, governance and control weaknesses.

Further, firms are developing process maps for the people, processes, technology and third-party suppliers needed to deliver critical operations. These maps will assist firms in identifying how attacks may impact their operations to develop plans to mitigate those risks.

Any change to a firm’s technology composition may create new risks or change how existing risks are realized.

While not an explicit threat like ransomware or a supply chain attack, the adoption of any new technology requires firms to re-evaluate the potential risks created.

This is particularly relevant as fintech adoption in the Asia Pacific region is on the rise. Traditionally, financial services technological adoption and transformation have been somewhat muted, with firms in the sector often running technology and infrastructure that is proven and tested. However, as firms consider their modernization journey and deliver new capabilities and services, new and emerging technology must inevitably become part of that analysis.

It is imperative that firms have a robust risk framework, whether the new technology is delivered within the firm or by a third party.


The events of the last two years have challenged local and global economies, with cybercriminals increasingly looking to capitalize on these events.

To protect the industry in the face of an evolving threat landscape, firms need to increase both the rigor and flexibility of their cybersecurity and risk management activities.

Keeping our collective eyes wide open will necessitate consistent discipline in conducting simulations, re-evaluating security measures, and considering the interconnectedness of everything—and how the adoption of new technology impacts cybersecurity posture.

This article was originally published in CyberSecAsia on April 1, 2022.

Jason Harrell, DTCC Head of External Engagements, Operational and Technology Risk, CISM
