In the good old days — five years ago — the leaders of financial services firms thought their hardest risk management issues were such things as regulatory compliance, bad debt and liquidity risk.
Looking ahead to 2014, board members, CIOs, chief risk officers and chief information security officers at big and small firms are acutely worried about cybersecurity risk management, calling it the "new normal" of persistent threats, according to Booz Allen, a provider of management consulting, technology and engineering services.
Increasingly, wealth managers, hedge funds and midlevel banks are on attackers' radar, Booz Allen says.
In recent years, executives have seen how distributed denial of service (DDoS) attacks from the Izz ad-Din al-Qassam Cyber Fighters had the potential to destroy data as well as reputations.
Cyberattacks, they learned, threaten a bank wherever it does business, not just where it is headquartered. And they witnessed the critical benefits of public-private information sharing.
"As financial institutions increasingly deploy mobile and cloud technologies and integrate their partners, suppliers and customers, their data perimeters are becoming much harder to define," said Bill Stewart, senior vice president and head of Booz Allen's commercial finance program, in a statement.
"As a result, some are essentially redefining the concept of a network perimeter. They do this by developing a much more dynamic cybersecurity approach that includes actionable threat intelligence, advanced adversary hunting as well as data protection and access controls developed at a much greater degree of granularity."
Here are the top financial services cybersecurity trends for 2014, accoring to Booz Allen's annual list.
1. Identifying Actionable Intelligence
Major financial institutions process enormous volumes of potentially relevant information, but find actionable intelligence harder to identify. Fusing threat intelligence with other disciplines, such as incident response and fraud prevention, is a proven method for connecting data elements to create actionable intelligence, according to Booz Allen. Although total accuracy can only be a goal, an active defense is critical to protecting against offenders that become exponentially smarter with each attack.
2. Mobile Security Platform Weaknesses
Cross-platform malware, such as the crimeware kit Perkele Trojan, has identified large gaps in mobile device security. These threats take advantage of weaknesses in mobile device platforms when information is sent to a hacker who then "owns" the device. Although still a local Middle East phenomenon, Perkele is expected to lengthen its reach during the holiday season as consumers increase their online purchases.