Welcome!

Agile Computing Authors: Liz McMillan, Elizabeth White, Carmen Gonzalez, Pat Romanski, William Schmarzo

News Feed Item

Booz Allen Announces Top 10 Financial Services Cyber Risk Trends for 2013

Ask any customer what they expect from their bank or financial services firm today, and two words come through loudly and clearly: security and privacy. Commercial and institutional customers have come to expect seamless service, properly cleared transactions and fast, accurate information. But news about major cybersecurity breaches has alarmed consumers, causing banks to redouble their efforts to protect their technology infrastructure. This means the stakes have never been higher for banks and financial services firms, and there are clear trends for cyber risk and security protection in the financial services industry in 2013, according to the experts at Booz Allen Hamilton.

“When we think about the lethal daily threats to the globally integrated financial services industry from nation-states and individuals, it is imperative that Chief Information Security Officers begin looking around corners, talk with each other and better prioritize the real threats to their firms,” said Mike McConnell, Booz Allen vice chairman and former Director of National Intelligence. “Self-evaluation and industry-wide conversations are the new ‘rules of the road’ to creating successful, integrated cyber defenses. The CISO can really drive organization-wide change while still championing efficiency and customer service.”

McConnell is speaking today at Bloomberg’s Enterprise Risk Conference (more information) where he will discuss the financial services industry’s responses to state-based and state-sponsored cyber attacks. He added, “There are many cyber trends – including the sophistication and lethality of the attacks – that the financial industry should be aware of. Even though it is difficult to look into a crystal ball and predict the future, these events are happening now and could cause significant reputational, financial and infrastructure damage to any ill-prepared firm. Individual companies should not wait for legislation or an Executive Order to come together with their government counterparts to find dynamic solutions to these big issues.”

Booz Allen works with financial services firms to identify and benchmark best practices and challenges for long-term cybersecurity prevention and protection. This process is part of Booz Allen’s Cyber M3 (Measure, Manage, Mature) capability, which evaluates the maturity of a firm’s cybersecurity programs. Both Cyber M3 and the benchmarking program incorporate technology, business process engineering, human capital development and risk management in developing a comprehensive picture of a firm’s and industry’s cyber readiness.

The Top 10 Financial Services Cybersecurity Trends for 2013:

  1. Business/Information Risk protection is not Just a Technology IssueSpending on new technology alone is not enough to protect a firm’s information and business. Firms must also invest in people and in fine-tuning processes to ensure, not only the proper use of technology, but that the processes that require interfaces between organizations are well managed and executed flawlessly. No matter how good a technology is, if not used correctly by skilled employees who follow well-defined processes, vulnerabilities will surface that can be leveraged by both internal and external threat actors.
  2. Data disruption attacks may become data destruction attacks The potential of threat actors actually destroying data is a major concern among risk and security professionals. Over time, the financial services industry will face threats from extremist groups who, when denied access to weapons of mass destruction, will use cyber as a “weapon of mass disruption.” Additionally, threat actors who mean to disrupt a firm’s business operations to make a statement or prove what they consider a moral point will also utilize destruction of data to ensure they make an impact.
  3. Nation-states and threat actors are becoming more sophisticated We now have to face more sophisticated threat actors such as smaller nation-states and terrorist elements obtaining similar capabilities. The financial services industry must fully understand the entire threat landscape and what this means in terms of employing the right people, technology and processes to ensure business continuity and proper risk management.
  4. Legislation could push industry standards around cyber risks and improve threat intelligence information sharing Banks already share information, but they will need to do more in light of possible legislation to set standards for cyber protection. If Congress allows the sharing of important national security information, industry standards could become a benchmark requirement that firms must meet before they are given access to government information. Additionally, such legislation could help in reducing the valid fears of firms in sharing cyber incident information due to the threat of penalties and further regulation. The industry and government must acknowledge and treat firms as part of the nation’s critical infrastructure because a breach at anyone bank or firm can have severe, cascading effects on the nation’s stability.
  5. Predictive threat intelligence analytics will create a more effective risk management capabilityFinancial services firms must begin to employ a more predictive threat intelligence capability to determine who might be trying to attack them and how. Focusing on understanding their own individual business risks (as well as industry risks) and combating real potential threats that could focus on such risks is much more effective than trying to create a defense that could cover any possible threat.
  6. Vendor Risk Management is becoming an increasingly important concern among firms Most firms buy much of their information technology and services from suppliers. Therefore, these suppliers’ vulnerabilities become the vulnerabilities of the firms they provide products and services. Firms are becoming more focused on the security requirements for these suppliers and engaging independent third parties to evaluate the risks around such products and services.
  7. Cyber risk continues to be a board-level issue Information, legal documents, and communications with clients and employees are all becoming more and more electronic every day to include an even greater usage of mobile technologies and social media. The boards of financial institutions must create and embrace a culture that acknowledges the evolving risks and more openly shares incident information across the industry, with technology providers and with both law enforcement and the federal government.
  8. Firms must continue to embrace and adapt to the new “boundless network,” and must also invest in training its workforce to properly access and protect corporate data Cloud, social and mobile technologies, including “Bring Your Own Device” (BYOD), are simply too cost efficient and effective for institutions to ignore them. Security and risk professionals need to better integrate these technology trends, which will require they embrace the fact that the corporate network now has extended beyond their control. Risk management and mitigation is evolving to better control how corporate data travels these boundless networks and ensuring the education of their employees on the responsibilities they have in securing such data.
  9. Identity and Access Management is becoming a key security control area in which firms will continue to invest heavily The days of focusing solely on perimeter defense have long since passed. Phishing and other social engineering strategies employed by threat actors have been very effective in allowing them to penetrate almost any network. Banking institutions must assume these actors can get in. Ensuring proper identity of an authorized individual is a key area that is being addressed by all firms in all industries to address this new paradigm. Most threat actors employ a strategy to gain access to networks and information by gaining access to valid authorized credentials of a firm’s employee so that they can go undetected in their actions. Firms will continue to invest heavily in ensuring that an authorized user is actually an authorized user. Additionally, firms will invest more heavily in tracking unusual activity of a user to detect stolen credentials or an insider threat.
  10. The Financial Services industry will rely more heavily on cyber benchmarking The FS industry is investing more and more in protecting its information assets and wisely spending these scarce dollars is becoming increasingly important, not only from an effectiveness standpoint, but to also be able to articulate to business leaders, the value of such an investment. The FS industry, therefore, will continue to use industry benchmarks to understand how their competitors and suppliers are investing in people processes and technology for cyber risk management.

For 2012 Booz Allen issued its first annual list of cybersecurity trends for the financial services industry (read the 2012 list). Since then, the industry has experienced a number of high-profile attacks, such as the DDoS attacks on U.S. commercial banks and the New York Stock Exchange.

“In the span of one year, we have seen a significant shift in the frequency and sophistication of cyber attacks on financial services firms. This is perhaps the biggest trend of them all,” McConnell said.

ABOUT BOOZ ALLEN HAMILTON

Booz Allen Hamilton is a leading provider of management and technology consulting services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen combines deep technical knowledge with expertise in each client’s core mission to deliver proven results. Booz Allen is headquartered in McLean, Virginia, employs approximately 24,000 people, and had revenue of $5.86 billion for the 12 months ended March 31, 2012 (NYSE: BAH).

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search an...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.