Financial institutions are becoming increasingly reliant on technology and the digitization of processes and procedures.  This reliance brings with it an increase in the risk associated with cybersecurity threats.  Many mid-sized financial institutions housed in the United States seek to expand and experience continued growth in all markets, including globally.  As such, these organizations look toward increasing use of newer technologies such as mobile banking, cloud computing, and information sharing to give them a competitive edge.  It is vital to examine the cyber risks associated with this increased utilization of technology.

Mobile Banking

Mobile banking is on the rise as financial institutions have begun to recognize that the traditional way of handling transactions is antiquated and inefficient.  More and more consumers are technologically savvy and expect safe and secure technology solutions to exist in their banking experiences.  Bansah (2018) describes this rapid growth in computerized services for financial organizations as necessary to remain competitive.  However, this move to increased digitization of services can cause financial institutions to become more vulnerable to cyber threats which may result in significant economic loss.  Some of these threats include hacking, phishing, identity theft, and malware.  Instituting proper security controls is essential in the face of these types of cybersecurity threats.

Possible Solutions:

• Physical Controls
  • Computer systems maintenances
• Technical Controls
  • Access controls, i.e., passwords, firewalls, digital signatures
• Administrative Controls
  • Rigorous internal procedures
• External professional support
• Cybersecurity Insurance

Cloud Computing

This trend toward mobile banking points to the need for financial institutions to rely on new technologies, like cloud computing.  Nelson (2016) listed an effective cloud strategy as amongst the highest concern for financial institutions budget-wise.  Use of cloud computing can increase the potential for greater mobility solutions, but it also plays a role in enhancing security by ensuring business continuity and disaster recovery.  The primary reason is that backups for whole systems are housed off-site and therefore considered safer in the event of a breach. More and more financial organizations are utilizing the cloud for data backup and storage purposes due to its cost-effectiveness and ease of use.  However, the very nature of Cloud computing that provides such inherent positives also allows for security threats and breaches.  Highly sensitive data like financial records and personally identifiable information is stored in the cloud, and the use of cloud computing solutions can also pose a problem for financial organizations in detecting and protecting against malware.  Researchers Tunc et al. (2017), identified some of the dangers as denial of service (DoS) attacks, account hijacking, and compromised credentials. 

The use of encryption techniques is one method to counter these dangers.  However, not only are organizations using encryption methods to protect their information from unauthorized access, but malware creators are also encrypting their programs to prevent detection.  Researchers, More, Chandugade, Rafiq, and Pise (2018) recommended a hybrid implementation of encryption techniques that involved using two different methods in combination.  The two algorithms that they chose to combine were Attribute-based encryption (ABE) and Byte Rotation encryption algorithms (BREA). This was in direct response to the need for creating a more secure cryptosystem for sharing and exchange of data over the cloud.  Another technique that is gaining in popularity is to encrypt information before ever putting it in the cloud.  One way that this can be done is by homomorphic encryption.  Ogiela and Oczko (2018) presented some of the positives of homomorphic encryption which would allow operations to be performed on encrypted data.  This circumvents the need to provide full confidential data in plaintext form that can easily be accessed by attackers.  The use of homomorphic encryption is a cutting-edge research and is still in need of further investigation.  But it is a promising technique that is worth keeping an eye on for possible future implementations in the financial sector as cloud computing solutions increase.

Information Sharing through Big Data Analytics

Communications and network security are critical components of cybersecurity.  This is especially true for mid-sized financial institutions which conduct business across the United States and abroad.  According to Gai, Qiu, and Elnagdy (2016), an emerging trend for financial institutions was the sharing of information and resources. Sharing of data allowed for organizations to create market value by gaining new perspectives and increasing their economic viewpoint. Much of this information sharing is available by cloud computing and big data analytics.  The use of big data allows organizations to analyze both structured and unstructured data.  This new form of data analytics can expose new cyber vulnerabilities that were undetected previously.  However, these benefits can also pose as potential drawbacks as they provide prime targets for cybercriminals.  Some of the significant areas for cybersecurity identification include intrusion detection, malware detection, and security threat defense.  According to Camillo (2016), it is necessary for financial institutions to create a “holistic” strategy for risk management to counter the new cyber threats on the horizon adequately. The senior leadership of a company must recognize and take responsibility for cybersecurity risks and ensure that proper procedures are in place.

Cybersecurity Insurance

Cybersecurity insurance is an emerging model for insurance service.  Cybersecurity insurance provides a service to alleviate the risks when using digital technologies and provide stronger information protection.  Eckenrode and Friedman (2018) conducted a survey of the state of cybersecurity for financial institutions.  They found that about two-thirds of the companies surveyed at the lower tier of the National Institute of Standards and Technology (NIST) framework implementation did not have insurance for cyber risk coverage.  Whereas that number was precisely opposite for those companies surveyed who were at the highest tier of the NIST framework implementation.  Of those, about two-thirds had complete insurance coverage for nearly all possible cyber threat scenarios and even more had insurance for at least half.  According to Elnagdy, Qiu, and Gai (2016), many institutions attempted to cover all aspects of cybersecurity threats rather than specifically targeting those areas of greatest weakness and vulnerability.  This caused distinctly higher costs to the institution.  The authors pointed out that it was necessary to establish a deeper understanding of cyber risks to help reduce the cost of cybersecurity insurance.  Examination of risk management methods and models is one such avenue for gaining this more in-depth understanding and knowledge.

What’s Next?

Cybersecurity threats will be an ongoing and pervasive part of operations in the financial sector.  As organizations embrace new and upcoming technologies to gain a competitive edge and keep up with current trends, they must also be prepared to combat the cyber threats that accompany them.  Here we have examined just a few of those technologies like mobile banking, cloud computing, big data analytics, and cybersecurity insurance. To face the cyber threats that accompany these innovations involves the institution of physical, technical, and administrative controls.   Security risk and vulnerability assessment are crucial aspects of cybersecurity initiatives.  It is vital that the leadership of the organization take an active stance in cybersecurity risk assessment as well as for all employees to be made aware of cybersecurity risks and initiatives.   For financial institutions to face the future with confidence, they must have a strong cybersecurity stance.

References:

Bansah, E. A. (2018). The threats of using computerized accounting information systems in the banking industry. Accounting and Management Information Systems, 17(3), 440-461.

Camillo, M. (2017). Cybersecurity: Risks and management of risks for global banks and financial institutions. Journal of Risk Management in Financial Institutions, 10(2), 196-200.

Eckenrode, J., & Friedman, S. (2018, May 21). The state of cybersecurity at financial institutions: There’s no “one-size-fits-all” approach. Retrieved from https://www2.deloitte.com/insights/us/en/industry/financial-services/state-of-cybersecurity-at-financial-institutions.html

Elnagdy, S. A., Qiu, M., & Gai, K. (2016, June). Understanding taxonomy of cyber risks for cybersecurity insurance of financial industry in cloud computing. In 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 295-300). IEEE.

Gai, K., Qiu, M., & Elnagdy, S. A. (2016, April). Security-aware information classifications using supervised learning for cloud-based cyber risk management in financial big data. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS)(pp. 197-202). IEEE.

More, P., Chandugade, S., Rafiq, S. M. S., & Pise, P. (2018, February). Hybrid Encryption Techniques for Secure Sharing of a Sensitive Data for Banking Systems Over Cloud. In 2018 International Conference On Advances in Communication and Computing Technology (ICACCT) (pp. 93-96). IEEE.

Nelson, B. (2016). Top Five IT Budget Considerations for Financial Institutions. Illinois Banker, 101(6), 24–25. Retrieved from http://proxy1.ncu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=120774939&site=eds-live

Tunc, C., Hariri, S., Merzouki, M., Mahmoudi, C., De Vaulx, F. J., Chbili, J., … & Battou, A. (2017, September). Cloud Security Automation Framework. In 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS* W) (pp. 307-312). IEEE.