This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration.
Need a new registration confirmation email? Click here
TheStreet Open House

Booz Allen Says Cyber Attacks Are The “New Normal” For Financial Services Industry

Five years ago, questions directed at boards of directors and senior executives at financial services firms on the toughest risk management issues might have resulted in responses like “liquidity risk,” “regulatory compliance,” or “bad debt.” Few, if any, would have mentioned cyber security. Today, the same question generates a much different answer.

In 2014, the trends that matter to CISOs, CIOs, chief risk officers and board members at large and small financial services enterprises reflect their acute concerns about cyber security risk management in today’s “new normal” of persistent threats. Today, Booz Allen has compiled those areas of focus for its annual list of the “Top Financial Services Cyber Security Trends for 2014.”

In recent years, executives have watched the landscape change, seeing how DDoS attacks from the Izz ad-Din al-Qassam Cyber Fighters had the potential to destroy data, and reputations. They learned that cyber threats attack a bank wherever it does business, not just where it is headquartered. And they witnessed the critical benefits of public-private information sharing.

“Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber program that responds to an institution’s critical business risks, while considering the new realities of a complex and interconnected operating environment,” said Bill Stewart, senior vice president and head of Booz Allen’s commercial finance program. “We are increasingly helping clients to work through how best to align cyber spend with an ever increasing potential exposure. Threat actors continue to grow in sophistication, driving our clients to respond. Simply increasing spend is not the always the best option -- we are helping our clients build programs that respond to their material business risks while balancing resource expenditures. “

The Top Financial Services Cyber Security Trends for 2014:

  1. Banks generate and receive threat intelligence, but is it useful? – Major financial institutions are starting to understand that there are enormous volumes of potentially relevant information, but actionable intelligence is more difficult to identify. Fusing threat intelligence with other disciplines such as incident response and fraud is a proven method for connecting data elements to create actionable intelligence. Although 100 percent accuracy can only be a goal, an active defense is critical to protecting against threats that are exponentially smarter with each attack.
  2. Mobile security platform weaknesses are giving rise to new threats – The Perkele Trojan – a crimeware kit -- and other cross-platform malware have identified large gaps in mobile device security. These threats take advantage of weaknesses in mobile device platforms when information is sent to a hacker who then “owns” the device. Although Perkele has not yet spread globally, it is expected to rapidly grow beyond the Middle East during the 2013 December holiday season as consumers’ online purchases increase.
  3. Developing countries with growing liquidity will see more attacks on their local banks – As the saying goes, criminals go where the money is. Countries across the Middle East, Latin America and Asia Pacific are making great strides in modernizing their economic infrastructures, which puts them on sophisticated attackers’ radar. The Saudi Arabian Monetary Agency says that fraudulent operations target Saudi and GCC banks once every 14 seconds.
  4. Mid-tier banks and non-banking financial institutions beware – Attackers are moving from large-size banks to regional and mid-tier due to their lack of security. Unlike their larger cousins, mid-tier and regional banks, wealth management organizations, hedge funds, etc., often lack the financial, technology and manpower to introduce widespread cyber security protections. When grouped together, these organizations are like a row of dominos that, when attacked, can create a cascade of systemic risks that could impact banks of any size.
  5. Thwarting insider threats requires firm-wide planning and preparation – Whether an employee accidentally shares passwords or falls prey to a social engineering attack, the cyber “hygiene” challenges of today can no longer be a responsibility solely owned by IT. Banks need to develop multi-disciplinary teams that include IT, human resources, internal communications, marketing and legal to communicate to all staff the importance of being cyber risk aware and knowing what to do when a concern arises.
  6. The NIST framework creates challenges for financial firms while opening the door for liability protections from a growing cyber security insurance industry The NIST cyber security framework moves financial services firms closer to a set of voluntary guidelines that would create a de facto “standard of care,” which would then make private sector enterprises liable in the event of cyber breaches in which PII or other valuable data is destroyed or taken over by attackers. While this creates liability risk for banks, it also opens the window for the insurance industry to offer policies that help firms offset this liability.
  7. Big data demands data-level security, while offering a broader cyber solution – Banks depend on data. As operational data is moved to the cloud, proper fine-grained security controls are necessary to ensure banks not only avoid sharing sensitive data, but also defend against adversaries moving laterally across their data sets. As part of this transition, financial institutions have the opportunity to upgrade security architectures and integrate improved controls. In addition, this new architecture can allow for the deployment of advanced analytics to deal with enormous volumes of security data to better identify trends of malicious behavior.

“As financial institutions increasingly deploy mobile and cloud technologies and integrate their partners, suppliers and customers, their data perimeters are becoming much harder to define. As a result, some are essentially redefining the concept of a network perimeter,” said Stewart. “They do this by developing a much more dynamic cyber security approach that includes actionable threat intelligence, advanced adversary hunting as well as data protection and access controls developed at a much greater degree of granularity.”

1 of 2

Select the service that is right for you!

COMPARE ALL SERVICES
Action Alerts PLUS
Try it NOW

Jim Cramer and Stephanie Link actively manage a real portfolio and reveal their money management tactics while giving advanced notice before every trade.

Product Features:
  • $2.5+ million portfolio
  • Large-cap and dividend focus
  • Intraday trade alerts from Cramer
  • Weekly roundups
TheStreet Quant Ratings
Try it NOW
Only $49.95/yr

Access the tool that DOMINATES the Russell 2000 and the S&P 500.

Product Features:
  • Buy, hold, or sell recommendations for over 4,300 stocks
  • Unlimited research reports on your favorite stocks
  • A custom stock screener
  • Upgrade/downgrade alerts
Stocks Under $10
Try it NOW

David Peltier, uncovers low dollar stocks with extraordinary upside potential that are flying under Wall Street's radar.

Product Features:
  • Model portfolio
  • Stocks trading below $10
  • Intraday trade alerts
  • Weekly roundups
Dividend Stock Advisor
Try it NOW

Jim Cramer's protege, David Peltier, identifies the best of breed dividend stocks that will pay a reliable AND significant income stream.

Product Features:
  • Diversified model portfolio of dividend stocks
  • Alerts when market news affect the portfolio
  • Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
Real Money Pro
Try it NOW

All of Real Money, plus 15 more of Wall Street's sharpest minds delivering actionable trading ideas, a comprehensive look at the market, and fundamental and technical analysis.

Product Features:
  • Real Money + Doug Kass Plus 15 more Wall Street Pros
  • Intraday commentary & news
  • Ultra-actionable trading ideas
Options Profits
Try it NOW

Our options trading pros provide daily market commentary and over 100 monthly option trading ideas and strategies to help you become a well-seasoned trader.

Product Features:
  • 100+ monthly options trading ideas
  • Actionable options commentary & news
  • Real-time trading community
  • Options TV
To begin commenting right away, you can log in below using your Disqus, Facebook, Twitter, OpenID or Yahoo login credentials. Alternatively, you can post a comment as a "guest" just by entering an email address. Your use of the commenting tool is subject to multiple terms of service/use and privacy policies - see here for more details.
Submit an article to us!
DOW 17,140.41 +109.27 0.64%
S&P 500 1,995.21 +11.08 0.56%
NASDAQ 4,533.1560 +14.2540 0.32%

Brokerage Partners

Rates from Bankrate.com

  • Mortgage
  • Credit Cards
  • Auto

Free Newsletters from TheStreet

My Subscriptions:

After the Bell

Before the Bell

Booyah! Newsletter

Midday Bell

TheStreet Top 10 Stories

Winners & Losers

Register for Newsletters
Top Rated Stocks Top Rated Funds Top Rated ETFs