Sponsored: Citrin Cooperman A cybersecurity storm is brewing in the financial services industry – Crain's New York Business




The persistent rains of social engineering attacks, where cybercriminals trick us into doing their bidding using techniques such as spear phishing emails, are combining with the gale force winds of data breaches and the destructive and all-too-frequent lightning strikes of ransomware, creating a foreboding and perfect tempest of cybersecurity threats that are rapidly bearing down on the financial services sector.
With each passing day, cyberattacks are becoming more sophisticated and capable of circumnavigating security defenses with an ever-increasing level of efficacy. Gone are the attacks resulting in small, isolated money grabs and minor production outages. Instead, financial service organizations are seeing exponentially more devastating impacts, resulting in multimillion-dollar fines, irretrievable data, prolonged disruption of operations and perhaps most important, brand degradation in the eyes of their customers.
Some samples of the catastrophic impact of these attacks:
• Capital One had more than 100 million credit card applications compromised after cybercriminals took advantage of a firewall misconfiguration. The attack resulted in fines of $80 million and customer lawsuits of $190 million.
• Experian experienced a data breach that resulted in more than 24 million customer records and nearly 800,000 business records being compromised after an employee was socially engineered into providing access.
• Desjardins, Canada’s largest credit union, was victimized by an insider who gained unauthorized access to millions of member records, causing estimated damages of more than $100 million.
• Flagstar Bank, one of the largest financial providers in the U.S., was the victim of a massive data breach this year. It was reported that Social Security numbers belonging to 1.5 million customers were compromised in the attack, triggering a series of costly class-action lawsuits.
Should members of the financial sector feel that they are not the most desired targets of cybercriminals, the consensus of researchers would indicate otherwise. According to IBM’s “Cost of a Data Breach Report 2022,” financial organizations experienced the highest percentage of attacks, compounded by having the second-highest average breach costs of almost $6 million. Verizon’s “Data Breach Investigations Report” says the financial sector experienced more data breaches than any other industry. VMware Carbon Black’s “Cyber Security in Financial Services” report provides another stark assessment of the financial services industry, saying that it is “subjected to the highest rates of attack of any vertical market, the source of one-third of all data breaches”.
 
Why are cybercriminals focusing their attacks on the financial services sector?
It’s finally here! Citrin Cooperman is excited to announce the launch of our new website- bringing you an innovative, industry-focused experience with exclusive content tailored to your needs. Access the future today at citrincooperman.com.
There are several key motivating factors. First, and perhaps foremost to criminals, is the tremendous amount of sensitive information that is stored and processed by businesses in the financial sector, often for extended periods to meet retention regulations. Second is the accessibility to the financial assets of customers, many of whom may be high-net-worth or even ultra-high-net-worth individuals. Factor in the industry’s reliance on an intricately connected system of devices, web and mobile fintech applications, and financial systems and supply chains, some of which adhere to a less-than-optimal level of security, and it is easy to imagine the multitude of ways that attackers can gain unauthorized access.
While there is no easy path to a secure destination that is invulnerable to cyberattacks, businesses can reduce their risk and increase their ability to avoid becoming the next data breach headline. While there are new and exciting technologies that are leveling the playing field in the battle against cybercriminals, including artificial intelligence, automation and robust security frameworks, there are essential building blocks that every financial services business should implement. They include:
• Assessments
Conducting cybersecurity risk assessments on a regular basis will allow businesses to identify where their risks lie so that they can direct remediation resources to where they are needed most. The scope of an assessment should include key third-party vendors, suppliers and other partners. Once an assessment is completed, it is critically important to repeat the process on a regular basis to reflect the constantly evolving threats and changes in technology.
• Awareness
Since the preponderance of attacks are geared toward socially engineering humans, it is critically important to educate all employees on the importance of defending their business against the nefarious schemes of criminals. While training is instrumental to every cybersecurity strategy, testing users with simulated social engineering attacks will arm employees with an instinctual ability to avoid cyberthreats. This approach will convert employees from what is typically the weakest link in the security chain to a virtual human firewall capable of drastically diminishing the chance of a successful cyberattack.
• Resilience
Taking the mindset that a breach is not “a matter of if” but “a matter of when” may seem like a defeatist attitude, but it is, in fact, a constructive one. By preparing for the day when the cybercriminals outmaneuver your defensive efforts, having a plan to respond and recover will slash downtime and the expenses related to returning to operational status. This preparation includes the secure creation of dependable backups, the development and regular testing of incident response and disaster recovery plans, and the acquisition of a cyber insurance policy.
The cybersecurity challenges facing the financial services industry are many, with businesses forced to defend themselves from an onslaught of criminals looking to enrich themselves with stolen information and ransom demands.
With a strategic approach that weaves cybersecurity into the fiber of every financial services business, however, the industry can weather the storm and reach for a brighter tomorrow.
For more information on securing your financial services business, contact Kevin Ricci at [email protected] or Alexander Reyes at [email protected]
“Citrin Cooperman” is the brand under which Citrin Cooperman & Company LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. Citrin Cooperman is an independent member of Moore North America, which is itself a regional member of Moore Global Network Limited.alternative practice structure. Citrin Cooperman is an independent member of Moore North America, which is itself a regional member of Moore Global Network Limited.
To view the print PDF, click HERE.
Citrin Cooperman is among the largest, full-service assurance, tax, and business advisory firms in the United States, having steadily built its business serving a diverse and loyal clientele since 1979. Our daily mission is to help our clients “focus on what counts.” Rooted in our core values, we provide a comprehensive, integrated business approach to traditional services, which includes proactive insights throughout the lifecycle of our clients, wherever they do business, across the globe. Citrin Cooperman is an independent firm associated with Moore Global Network Limited. citrincooperman.com
Please enter a valid email address.
Please enter your email address.
Please verify captcha.
Please select at least one newsletter to subscribe.
Staying current is easy with Crain's news delivered straight to your inbox, free of charge. Click below to see everything we have to offer.
Don't miss the chance to get the biggest news first! Stay connected to New York business news in print and online
Our Mission
Crain’s New York Business is the trusted voice of the New York business community—connecting businesses across the five boroughs by providing analysis and opinion on how to navigate New York’s complex business and political landscape.
685 Third Avenue
New York, NY 10017
(212) 210-0100
Contact us
FAQ
Report a problem
Staff directory
Crain jobs

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page