Financial Sector: The Evolution of Threats Forces It to Rethink Its Security Model
Customer interactions have primarily moved online rather than in-branch, opening the way to new risks through unsecured instant messaging. As in other sectors, the lines are shifting in the banking sector. Information systems are increasingly open to many actors with widely varied uses, and employees now work outside the company's walls more or less regularly. Customers visit banks and insurance agencies less and less, preferring to carry out their tasks online.
In this context, the borders of the banking sector are changing, so much so that “the historical security model of recent years must be reviewed to take these new elements into account”, insists the Skills Forum, which brings together experts in information systems security (ISS) and business continuity (CA) from the financial center.
“The multiplication of customer journeys backed by digital technology exposes customers to more phishing. Once the victims are infected, malware collects their personal or banking data. These may be exploited for the purposes of resale or financial fraud,” recall the authors of the Skills Forum report.
500% increase in mobile attacks
Proofpoint found that smartphone attacks increased by 500% in 2021. Another study by Jamf notes that one in 10 mobile phone users falls victim to a phishing attack!
This explosion confirms that cybercriminals exploit this change in behavior to steal sensitive data. A greater volume of sensitive data exchanged (for example, supporting documents sent as attachments for a loan or life insurance application), or even the use of mobile banking applications, increases the attack surface for individuals.
But a document incorporating malicious code could also infect an adviser’s terminal, then spread to the institution’s information system (IS). To respond to all of these challenges and threats, new concepts have emerged, including that of “Zero Trust”.
Identity and Access Management (IAM) is the crucial security building block among the pillars of Zero Trust. Any access to a resource must be secure, dynamically controlled, monitored and supervised in real time.
The entire financial sector must now think even more seriously about the response it can provide to cyber threats, transforming how it considers customer relations, its relationship with institutions and the level of trust placed in the information system.