Andrew Martin, CEO of DynaRisk, shares why cyber security spending needs to trickle down to smaller businesses in the sector to ensure customers are protected.
For financial executives, knowledge is power when it comes to protecting against cyber attack
Small-to-medium-sized businesses are lacking when it comes to cyber security. While large organisations and certain sectors such as finance are ploughing big sums of money into cyber-defences, we are still seeing many smaller businesses across a range of sectors accidentally leaking customer information that cyber criminals can access and abuse.
Nevertheless, while increased investment may seem like the obvious solution for companies that have the resources, additional expenditure doesn’t necessarily equate to better defences. Over the last few years, we’ve witnessed data breaches from organisations including Facebook, Apple, J.P. Morgan and British Airways – no doubt caused by archaic systems and poor staff awareness.
Attacks are evolving and becoming increasingly sophisticated, often changing at a pace that many businesses can’t keep up with. Unfortunately, cybersecurity issues often stem from a lack of knowledge and a lack of consistent training within an organisation; around 88% of UK data breaches were caused by human error last year, and not because of direct cyber-attacks.
Knowledge is power
For high-risk sectors like finance, organisations need to be doing much more to ensure that systems are properly fortified, and that breaches and leaks are not the result of human error. Any form of data loss or theft within this sector can, naturally, have significant consequences - and so more education is critical. Cyber-crime and technology are quickly evolving, and businesses of all sizes need to ensure staff have - at the very least - a basic level of knowledge when it comes to cybersecurity.
Adequate training can involve providing staff with the tools they need to keep themselves and the wider company safe. Because cybersecurity is nebulous, it can often feel irrelevant and people remain disengaged. However, by harnessing the tools available to assess individual workers’ cybersecurity credentials – something which can involve checking staff for stolen information, out-of-date or vulnerable software, as well as any potential privacy issues – the issue becomes real and relevant to everyone.
From discovering their own personal vulnerabilities, staff members can follow tailored advice and act to improve their credentials. This gives them something tangible to work with and act upon in both their private and professional lives. Ultimately, good cyber hygiene starts at home and a savvy workforce helps to protect the business as a result.
As attacks become more sophisticated, it’s more important than ever to remain constantly up to date with new risks as they emerge. Staff members of all levels should be taught vigilance and how to pre-emptively detect threats through regular, relevant training and by evaluating security credentials.
Third-party providers and cyber-footprints
For the financial sector, the risks associated with third-party providers are also huge. Having an extended network of suppliers can massively increase cyber-footprints, which are more difficult to manage the larger they become. A robust cyber-risk management programme that includes diligent checks of third parties, with ongoing monitoring activities, is essential for financial companies.
When dealing with third-party suppliers, financial executives need to work with wider teams to identify any potential risks. Start by investigating the way each supplier collects and processes data, as well as the way they store it. Is the company GDPR-compliant? Does it store data on cloud-based systems or within a secure server? In addition to this, while new technologies are an exciting prospect for businesses, novelty may supersede security, exposing a range of potential difficulties. New technologies can unintentionally leave companies open to attack, especially when the tech is too new to be properly understood in terms of vulnerabilities.
The concept of cybersecurity scoring can therefore be helpful in these instances too - a security score allows companies to vet the accuracy of an assessment made by other organisations who might be trying to determine partner risk.
Education is the most powerful weapon
Spending more on security software isn’t the only thing that financial businesses should be looking to implement; education is arguably as important. Building – and enforcing – a resilient cybersecurity strategy lies in continuous education of all employees and equipping them with the knowledge and tools to detect and prevent attacks. Staying ahead of the curve means regularly monitoring and adapting to new threats – with continuous education, breaches and hacks can be more easily detected and remedied.