Learn how hybrid work is fueling ransomware attacks and what to do about it.

Back to blog

Financial services’ top 4 cybersecurity anxieties

Matt Shamshoian | Nov 08, 2022

illustration of people interacting with banking technologies

Share this article

The thing about anxieties is that everyone has them. There’s not a person alive who isn’t afraid or worried. Whether it’s spiders or public speaking or nuclear war, something likely keeps us up at night. Cybersecurity is the same way. A CISO for a major hospital network is going to be concerned about different threats and challenges than a CISO at a manufacturer or a nonprofit. These organizations have different intellectual property, interactions with customers, and business models — and are therefore targeted in different ways.

Financial services organizations are in a unique position. Their whole business model depends on assuring other people that their money is safe when they invest with them. There’s little room for error, given that finserv organizations are 300 times more likely to be hit by a cyberattack than organizations in other industries. They need to prove to consumers that their financial and personal information will stay out of the hands of malicious actors. Failure to do so can be a major hit on the firm’s reputation and a serious dent in the company’s viability.

This is critical as attacks on finserv organizations continue to rise — 89% of finserv CISOs saw an increase in cyberattacks in the past year, 13% higher than respondents in other industries, according to VMware’s Global Security Insights Report 2022. Additionally, 67% of finserv security leaders surveyed in the report were worried about a material breach, the most of any industry.

A discussion featuring Chief Information Security Officer (CISO) at TIAA and former Chief Security Officer (CSO) of Snap Finance, Upendra Mardikar, and our Chief Financial Officer (CFO), David Eckstein, breaks down what finserv security teams are concerned about and how they can ensure they’re adequately defended. Here are finserv’s top four security anxieties:

Insecure/Vulnerable remote workers

Security teams spent a decade building an impenetrable perimeter around corporate devices, and for a time this strategy worked. But when the pandemic started and droves of employees started working at home, that perimeter disappeared in an instant. “We had ten years of industry transformation overnight,” Eckstein said.

While the pandemic may be over, remote work is certainly here to stay, and many finserv organizations still haven’t upgraded their security to address this reality. Only half of finserv organizations surveyed in this report were confident their remote workers were secure, and only 18% were very confident. It’s critical that finserv organizations focus on security solutions that were designed to secure workers no matter where they are, what device they’re using, or how much traffic is on the network.

Poor connectivity for the global workforce

The array of contractors and teams distributed across the globe that finserv organizations often work with presents a huge challenge for their security teams, who need to balance security with usability. Far too often outdated security technology compromises on one of these areas, leading to issues like slow internet connections and work devices — nearly half of remote workers experienced this in 2021.

Most organizations still use virtual private networks (VPNs), but they were built for a time when only some people needed to be remote, some of the time, Mardikar said. VPNs are showing their age now and struggling with significant security and latency issues. They’re simply not scalable enough to meet the needs of today’s everywhere, anywhere workforce.

High number of false positives in detecting phishing sites

Finserv has quite the phishing problem — they experienced more phishing attempts than any other industry in the first half of 2022, according to Vade. Workers aren’t great at spotting phishing attempts even if they’ve been trained, so the solution that many finserv companies take of trying to detect and block more suspected phishing sites seems to make sense on the surface. But this could actually be counterproductive and lead to a rise in false positives that eats up security teams’ precious resources.

Finserv organizations can’t just cut off access to the Internet, and they need to allow workers to get their work done without obstacles. Instead of trying to detect more phishing attempts and hoping workers outsmart the ones that slip through, finserv organizations should focus on solutions that secure workers regardless of what they click on. Isolation technology allows this by moving the battleground away from users’ endpoints to an abstracted layer in the cloud, Mardikar said.

Slow deployment of new technology

Finserv organizations hold incredibly sensitive customer data, and the consequences of a breach are often more severe than other industries. With threats rapidly evolving and increasing in frequency, finserv organizations need solid security as quickly as possible. Unfortunately, security technology tends to lag behind digital transformation initiatives, and finserv organizations are still in early stages of cloud adoption, according to this report from Deloitte.

That’s why it’s key that finserv organizations choose security that can scale quickly without costing security teams unnecessary time and effort to deploy it. Scalable solutions let teams focus on their work instead of on the tools they need to get their job done, and allow for easy, quick growth that doesn’t compromise on security.

So, what does this mean?

It means that finserv organizations can still improve their security posture to defend against rapidly evolving threats. They can’t afford to compromise on security considering they contend with the second highest cost of a breach among all industries, and those costs continue to accrue for years after a breach, according to IBM Security’s Cost of a Data Breach Report 2022.

Finserv organizations need to ensure fast, reliable, and secure application access to a distributed workforce — yet they don’t have the luxury of time to roll out viable security solutions. The tools they do deploy need to reduce IT overhead, scale on a global stage, and preserve the native experience for users.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.