For the banking and financial sectors, the cybersecurity threat landscape is constantly evolving. In a recent research note, the financial services industry was identified as the biggest target for cyber criminals across 26 different industries. In addition, according to the United States Secret Service (USSS) and the Federal Bureau of Investigation (FBI), cybersecurity threats to the financial sector have been identified as the most common form of cyber criminal activity across our electronic infrastructure.
Contrary to popular belief, the financial services industry in the U.S. is far more aware of and better prepared for cyber attacks. However, financial institutions and banks operate on a global scale, and overseas financial partners amplify their risk exposure. In addition, the financial services industry relies heavily on third-party vendors to manage its IT systems. This is a big problem, since small IT vendors have neither the resources nor the budget to address cybersecurity risks. In the past, third parties relied on a “self-certification” process, but it has proven to be inconsistent and less reliable. Currently, vendor IT assessment and compliance efforts are driven by U.S. and European regulations, but in the long run financial companies need to be more cognizant and proactive in driving vendor testing and compliance efforts.