The global coronavirus (COVID-19) pandemic has pressed security teams in the financial services sector to defend their organizations not only from cyber bad actors but also from an unexpected threat the contagion poses, consultant Accenture said in a new report.
“There are challenges around rethinking culture and collaborative practices as organizations seek to outmaneuver uncertainty in the future,” the financial services advisor said in its look ahead account, entitled 2020 Future Cyber Threats: The Latest Extreme But Plausible Threat Scenarios in Financial Services. In the report, Accenture offered an analysis of six potential threat scenarios that could hit the financial services industry.
Here’s the list accompanied by abridged Accenture analysis:
1. Supply chains introduce increasingly interconnected attack surfaces.
Supply chain threats to financial institutions in the past year have mostly hit managed service providers and cloud service providers. The wide spectrum of supply chain attack vectors makes it a significant blind spot for financial institutions of all sizes.
2. Credential and identity theft continue to accelerate.
Cyber criminals have taken advantage of the rich feeding ground for fraud from the extensive government funding programs extended through financial institutions to small businesses in greatest need.
3. Data theft and data manipulation stems from new vulnerabilities and cyber criminal behaviors.
The concept of naming and shaming ransomware victims, coupled with threatening to release stolen data makes the process of responding to ransomware infections more challenging.
4. Emerging technologies, especially deepfakes and 5G, advance cyberthreats.
Financial technology (FinTech) disruptors have rapidly expanded to new markets, increasing the level of dependence the broader financial sector has on these companies to deliver their core products. It is these areas on the periphery of financial institutions and markets, like FinTech, where large scale, disruptive attacks may originate.
5. Destructive and disruptive malware attacks spur multiparty and cross-sector targeting.
Financial services organizations are not always first in line to suffer from disruptive and destructive malware campaigns but they can be affected indirectly through the supply chain.
6. Misinformation shakes trust in retail and government-backed banks.
There is no evidence that sophisticated actors are spreading misinformation to support a financial or political agenda but it is plausible. As a result, the financial sector should consider how to combat both accidental misinformation and highly sophisticated disinformation campaigns that may arise in the future.
Five Potential Risk Mitigation Steps
The consultancy also laid out five recommendations specific to financial services organizations to guard against cyber attacks. Here’s an abbreviated list:
- Adopt a secure mindset. Instill a security first ethos, using up-to-date company information protection procedures, while making sure that computers and devices include the most current system and application versions.
- Secure the new perimeter. Rapidly address security protocols and solutions to enable the expansion of remote connectivity.
- Become agile and adaptive. Bring existing focus on business risk and resilience into the broader executive planning discussions.
- Focus on Nth party risks. Advise cyber threat intelligence teams to monitor and report upstream on cyber threats to critical suppliers and partners.
- Collectively respond and act. Collaborate with others with the common goal of securing the enterprise and the broader ecosystem to help smaller partners beat cyber threats with better protection for the front and back doors.