According to the 2016 Cost of Data Breach Study by the Ponemon Institute, the cost of a data breach in the financial services industry is $221 per lost or stolen record, substantially above the average of $158 for all industries. The financial sector also experiences the highest rates of customer churn of all industries, at 6.2 percent. Faced with the prospect of losing customers, firms in the financial sector need to do all that they can to minimize security vulnerabilities.

The challenges faced by financial services firms vary depending on what sector of the industry the organization fits into and the regulatory requirements it faces. In broker/dealer relationships, the organization must monitor all calls, emails and text messages. In fact, every communication between employees and clients must be monitored to ensure integrity and proper representation of all statements. Regulatory requirements also vary by location, with some more stringent than others. Keeping on top of the regulatory requirements and changes in your sector and location is a must.

Governance and Oversight Are Essential

Throughout the financial sector, governance and oversight are essential, so all transactions must be closely monitored and all relationships effectively managed. In order to meet regulatory requirements, financial organizations must work closely with technology. All confidential and private data must be protected, especially when stored on mobile devices. Browsers are fairly standard, even on mobile devices, but mobile apps and the associated data are often not well deployed or managed. Organizations need to carefully consider requirements related to confidential and personally identifiable information when deploying mobile apps. If an app caches personal data, it should be encrypted, and robust access controls should be in place. In order to stay on top of security vulnerabilities, it’s important to be able to manage and balance the entire data lifecycle in terms of business, regulatory and customer requirements.

Deploy a Secure Platform

Financial services firms should deploy a secure platform that’s capable of mitigating security vulnerabilities before incidents occur and effectively enforcing security policies. Be sure you know up front if components such as hardware and operating systems are able to support your security requirements. As mobile devices become increasingly essential tools, it’s particularly critical to choose a secure mobile device platform such as Samsung Knox to protect data in the wild.

Ransomware Attacks

Ransomware is a particular threat facing the financial services industry, which comes in a close second to the healthcare sector in terms of the prevalence of ransomware threats. During 2015, extortion attempts were made to more than 100 financial services companies, particularly banks, warning them of powerful DDoS attacks if they refused to pay the ransom demanded. In light of these threats, financial services firms should not only ensure that they have effective technology tools in place to defend against ransomware, but they should also educate their staff on how to defend themselves. Because most ransomware attacks start with spear phishing emails, staff should always be wary of suspicious attachments or malicious links in emails, and effective training programs should be put into place to assist staff members in recognizing phishing attempts.

Mobile Payments Must Be Secure

One particular area of vulnerability in the financial services industry relates to mobile payments and mobile wallets, the use of which is on the rise. If used correctly, mobile payments can be more secure than credit cards or chip cards with signature only as authentication is required to enable a mobile payment — a one-time transaction leveraging tokenization which removes the card number from the transaction and makes replay attacks next to impossible.

However, security for mobile payments must be demonstrable. The core application and its underlying infrastructure must be as secure as possible to ensure the integrity of the transaction, and identity data should be stored and cached in secure hardware, where the hardware environment is used to sign transactions and generate encrypted information to improve overall security. This must also include a secure enrollment process for setting up keys and transaction information. Secure authorization mechanisms are required for ensuring integrity and for proving that the right person is accessing the service. It’s essential to understand the security capabilities and integrity requirements of devices, both for your business and for regulatory purposes.

The financial services industry is a key target for attackers. The stakes are high, and reputations can be badly damaged by breaches, causing the high rates of customer churn that we’ve seen. Financial services firms must do all they can to reduce the vulnerabilities they face by taking a proactive stance on security.

The Samsung Knox platform offers defense-grade security for businesses of all sizes. Read more about how its capabilities can protect your organization’s sensitive data.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth