The cyber security threat landscape in financial services


Gary Meshell, WW Leader Financial Services, IBM Security, opened his IBM Think 2019 talk, “How Financial Services Companies Should Respond to Cyber Security Attacks,” with a bold assertion and truism. “It’s not a matter of if you will be breached, but just a matter of when,” he said.

Financial services firms must do more than plan to prevent a data breach; knowing they will be breached, they must prepare to respond. “If you think you’re prepared for a cybersecurity attack, you’re not,” Meshell continued.

Meshell was joined on stage by Sean McKee, Senior Manager, Cyber Threat Management, TD Bank, to provide a perspective on how a financial services company can gauge its readiness for a cyber security attack. IBM and TD Bank jointly developed a cyber security incident response solution for the financial services industry.

The discussion touched on how financial services firms face a long list of complex and potentially interrelated risk factors:

  • Geopolitical
  • Phishing attacks
  • Cyber fraud – including executive digital impersonation
  • Insider risk
  • Supply chain risk

McKee told the audience of 70 financial services executives that, “From a macro, geopolitical standpoint, if a nation state were able to disrupt through a cyberattack another nation’s infrastructure, we are wholly dependent on energy to run financial services.”


An increasing number of attacks on payment systems use phishing and social engineering to find out which employees have access to those systems. The attackers then use those employees to breach the payment systems. “People are your weakest link regardless of the controls you have,” McKee acknowledged.

Attendees learned that TD Bank is taking down 12 fake LinkedIn profiles of its CEO a month, to keep employees from linking to those accounts and becoming targets of spear phishing.

What steps should a bank take?

  1. Focus on cyber resiliency. Attacks will happen when you least expect it and are least prepared.
  2. Have a plan. An incident response playbook and protocols are guides to managing a crisis on a consistent and coordinated basis.
  3. Apply a business lens. Craft a strategic and tactical response that goes beyond a technology solution, understanding the customer, corporate and regulatory ramifications.
  4. Know when to contact ecosystem partners and law enforcement.

The biggest challenges

One of the biggest challenges is the talent gap in responding, and sustaining a response, to attacks. Other challenges include:

  • Attacker/defender asymmetry—financial services firms are always playing defense
  • Legal privilege—the legal team is a stakeholder. Legal privilege concerns what you can and cannot share internally and externally
  • Coordinating response with critical 3rd
  • Reliance on a common supplier—for example, using the same vendor for additional digital forensics to identify the root cause in a systemic attack.


Cybersecurity implementation

“What can an organization do to prepare?” McKee asked the audience. “Your plan is not worth the paper it’s written on if nobody knows how to use it,” he continued. He outlined four key steps to effective implementation:

  1. Exercise and test your strategy and plan. Come to a cyber range and bring your playbook
  2. Technical security controls testing (ethical hacking committee)
  3. Resource for success. It takes a long time to produce a proper exercise
  4. Continuous improvement

“TD Bank did a five-month workup for a two-day test. The president of the US bank immediately saw the results of their decisions,” McKee told the audience. “Cyber security is as much a business problem as a technology one. Every employee is a cybersecurity manager.”

Meshell wrapped up the presentation saying, “Every six weeks there is an IBM cybersecurity response exercise for senior executives to drive awareness. If you are a regulated industry, you have a fiduciary responsibility to protect your customer data.”


WW Web Managing Editor, Banking, Financial Markets & Insurance
