Financial services firms spent tens of millions during the pandemic adapting to a new business reality. During this time cyber often took a back seat, allowing technical and security debt to accrue. Now it’s payback time: the sector must take stock of its people, processes and technology to set itself up for success in the post-pandemic era.
A digital wrecking ball
Digital transformation has been a boardroom agenda item in financial services for many years. But almost overnight, the pandemic demanded radical changes to support mass remote working, seamless collaboration with partners and customers, and new and differentiated services. It’s no exaggeration to say that cloud-based technologies saved the day. And the impact will last long after COVID has become ancient history. According to an EY study from August 2020:
- 43% of respondents said the way they bank has changed due to COVID-19
- Online payments surged by 14%
- 24% of respondents said they expect banks to operate more digitally in the next 12-24 months
Tackling security debt
Unfortunately, when these digital decisions were made during the height of the crisis, banks were understandably more concerned about business continuity and worker productivity than security. But the technical debt that accrued must now be paid back. Customers and shareholders are demanding it. Why? Because the threat landscape has also evolved, and our adversaries are getting better than ever at targeting weaknesses in corporate security strategy.
As the corporate cyber-attack surface has expanded with digital investments, and threats have grown arguably more sophisticated and targeted, it’s getting harder for many organisations to detect and respond to such threats. Siloed solutions aren’t good at sharing threat intelligence, and leave plenty of gaps for the bad guys to hide in. Often when threats are discovered, they are dealt with in isolation, without reviewing the entire environment to see if wider remedial action is necessary.
This is having a serious impact on cyber risk levels. Trend Micro blocked more malware-laden emails headed for financial firms than any other sector in 2021, and discovered more ransomware files than any other vertical bar one.
So where do we go from here? There is an opportunity now to take stock of the past two years, better understand what technology has been acquired and where gaps in protection are. Consider the following:
- Look across your business and structure teams to protect against large-scale, sophisticated and targeted attacks
- Review security tooling, and consider consolidating siloed products onto a single platform for threat prevention, detection and response
- Embed security into processes to protect across a much larger and growing threat landscape
Find out how we can support this journey and reduce your organisation's security debt.