Financial institutions failing to detect cyber breaches for over a week
The world of business has been working diligently to respond to a glut of cyber threats that have hit home in recent years. While financial firms have built good cyber security in the past year, however, over 40% of breach attempts still slip under the radar.
According to a recent estimate by anti-virus software giant McAfee, the threat of cybercrime to businesses is rising fast, with damages associated with such breaches now towering at over $400 billion. This represents a boom from up from $250 billion in 2016, with the costs incurred by UK business also running in the billions. As firms of all shapes and sizes battle to stave off e-criminals, organisations are increasingly investing in ramping up their digital frontiers and security protocols; something which is finally beginning to yield tangible results – particularly in the financial sector – according to a new study.
A paper from Accenture, based on a survey of more than 800 enterprise security practitioners (75 from the UK), has discovered that financial services firms stopped 81% of breach attempts in 2017, up from 66% in 2016. As a result, confidence among banking and capital markets leaders is riding high, in terms of their cyber resilience, with 80% of respondents reporting "confidence" or "extreme confidence" in their ability to resume activity after a breach. On top of this, firms further believe they are ahead of the curve when it comes to cyber security, with leaders saying they are well positioned in an average of 19 out of 33 capabilities, including stakeholder involvement, cyber security accountability and cooperation during crisis management.
However, Accenture’s analysts were keen to warn against complacency when it comes to this improvement. Carmina Lees, a Managing Director for UK Financial Services at Accenture, cautioned, “Over confidence combined with under investment in cyber resilience could spell bad news for the sector. As financial services become increasingly digital and open banking and third-party data sharing change how business is done, cyber risks are only going to grow both in scale and sophistication. AI, machine learning and robotic process automation can provide a consistent way to monitor for and combat these threats, but only if firms are willing to invest in them.”
Undetected breaches
According to the data, one in seven breach attempts against banks and capital markets firms still succeed, and a massive 42% of attempts go undetected for at least a week. This figure falls to 25% with regards to UK financial services firms, however the fact that around a quarter of breaches are still going undetected for more than a week can mean a difference of huge sums of money and data for those firms, amid troubled economic times in Britain, particularly with an uncertain Brexit due to come to fruition next year.
At the same time, the researchers also pointed toward a greater reliance on partnerships for growth as a potential factor which will drive up external cyber threats in years to come. Accenture found that institutions hold their partners to lower cyber security standards than their own, leaving them more open to hackers via the proverbial backdoor. As financial services firms are also adding more connected devices to their infrastructures, amid a drive to make the most of digital from a point of customer service, criminals are finding more potential entry points than ever before, driving up the need for more robust security capabilities. External threats are not the only factor which the financial sector needs to keep an eye out for, though.
70% of global respondents and 64% of banking and capital market leaders cited fear that they could be subjected to internal breaches from malicious insiders, while the same number of both groups worry that they could be hit by a hacker attack, such as the famous Wannacry attack. Meanwhile, more banking and capital leaders than the global average are concerned that insider errors could compromise their security measures. Accidentally published information resulting from a failure to follow processes and policies was cited by 45% of financial services leaders, compared to the global 44%, as a key threat.
Advanced sophistication
While defences have improved, a cycle of escalation has likewise seen cyber threats grow in sophistication, thanks to the wider availability of technologies like automation, machine learning and artificial intelligence. At the same time, while these technologies pose new threats, they can also help improve a firm’s cyber resilience. Despite the promise of such innovations, however, many remain reluctant to invest. When asked which new and emerging technologies they were investing in to evolve their security programme, just 38% of respondents replied Robotic Process Automation (RPA), and a sparse 43% had directed funds toward machine learning.
Blockchain also languished beneath the 50% mark, even though it is already being leveraged by a plethora of other industries beyond the financial sector. In the UK, at the same time, while 80% of UK financial services executives regard these technologies as essential to combatting cybercrime, just a third of them are actually investing in them and only 21% plan to significantly increase their investment in the next three years.
Remarking on the slow adoption of these technologies, Carmina Lees added, “While UK financial services firms are making strides to close the gap on cyber-attacks, there is still work to be done given the amount of breaches that go undetected for so long. Historically, the focus has been placed on external threats. But firms also need to look closer to home at threats that already exist inside the organisation. It’s no good building a wall outside to stop people getting in. They need to work on the assumption that the hacker has already broken into the house and they need to contain them in one room to quickly prevent more damage.”