Blog · 12 Feb 2020

Cyber security trends in financial services for 2020

What new threat vectors will open up this year, and how can financial services firms tackle them?

Tris Morgan
Managing Director, BT Security

Prudent operators in the financial services sector are starting 2020 with cyber security at the top of their boardroom agenda, after 2019 witnessed some of the largest high-profile data breaches to date.

So what trends should firms be aware of?

AI and automation are marching on

AI, if deployed correctly, can dramatically accelerate the identification and mitigation of new threats, helping to prevent initial attacks from spreading and infecting the wider network. This decreases pressure on vital resources which can be redeployed to other areas, such as upskilling key personnel.

However, firms must be aware that a growing number of cyber criminals are deploying AI and deep learning against targets, via malware, for example. This forms part of an increasing array of tactics used by criminals to breach security such as ransomware, hidden adware, and exploiting insecure mobile apps and payments made over mobile phones.

The first line of defence against this sort of attack is to carefully consider all options before deciding when and where the use of new technology is appropriate for your business. But when AI-based cyber attacks do come, it’s an industry-wide problem and must be addressed as such. Intelligence sharing is vital, which is why we share key information with others in the telecoms sector.

Cloud migration is booming

The financial services sector is fully embracing the benefits of migrating to the cloud and is finding the cloud offers the same levels of security as a traditional solution provided its security is implemented correctly, with the right tools and skills. Many firms are choosing a hybrid cloud environment as a first step, using both private and public clouds to reduce any risks of outages. Organisations that quickly and securely adopt cloud technologies will pull ahead in terms of operational efficiency, productivity and customer reach. 

Firms need to know where their critical data is located and ensure a uniform level of protection across the system. Expanded supply chains and the evolvement of third parties present a big threat, with data dispersed across a wide network and multiple potentials for a security breach. Understanding what different cloud providers do and don’t do, before moving your critical information, is key.

It’s also essential that firms adopt a comprehensive approach to their security, considering the physical security of their infrastructure alongside what they have in the cloud. New security services such as intrusion and endpoint detection and protection will be increasingly important.

People are a significant security risk

The weak link in the cyber security armour and source of the majority of security breaches remains basic human error and sloppy security such as weak passwords or computers left on. Yes, people are becoming ever more aware of data protection following high-profile stories about the use of personal data. However, a great deal of education is still required, as cyber criminals evolve fresh ways to attack.

Firms need to work with the fact that simple human mistakes can undermine many of the best security protections and technologies. Rather than wasting time allocating blame, organisations need to channel their energies into creating security solutions that accept the inevitability of human error, building in protections and safeguards to anticipate this.

Interestingly, as cyber security rises up the financial services agenda it’s attracting a larger and more diverse security workforce. It’s no longer solely the domain of those with computer-related degrees as employers seek those with an understanding of how viruses adapt and behave as well as those with knowledge of implementation.

We’ll continue to monitor these trends throughout 2020 and beyond. To find out how you can protect your financial services organisation against cyber threats, visit our security pages.