Thus far in this blog series, we’ve (1) explored the extent to which financial services firms have been effective at fighting cyber crime; (2) examined optimal kinds of security investments; and then (3) discussed the importance of technologies like automation, artificial intelligence and machine learning. In this wrap-up blog, it’s time to make some recommendations.
Based on Accenture’s experience and research, here are some recommended strategies and approaches for combating cyber crime.
- Remember that criminals look for your weak points. By analogy, you can have a very strong, steel front door to your house, but if you’ve left the back door unlocked, you’re in trouble. Don’t forget the basics.
- Think like a “bad guy.” Cyber crime is becoming increasingly sophisticated from a technology perspective. Criminals are using machine learning, automation, artificial intelligence, bots and more. Financial services firms are encouraged to actively keep up.
- Test and stress test. There’s hardware involved with security, of course, but cybersecurity is primarily software. There is no substitute for testing it like you would any other software—particularly stress testing to identify vulnerabilities more rigorously than even the most highly motivated attacker would.
- Don’t overemphasize perimeter controls. As I wrote in a previous blog, many companies have over-invested in advanced perimeter controls, probably in the hope that they can compensate for weaker security elsewhere. The problem is, criminals always seem to find a way through the perimeter, sometimes by manipulating insiders through social engineering.
- Invest in innovation. Hire (or “rent” as a service) bright and experienced cybersecurity minds. Don’t hire just for “staff augmentation.” Find the handful of clever security people and drive their expertise across your global organization.
If a financial services firm’s cybersecurity protections fail, it can expect to face unexpected costs from not being able to run its business efficiently, and perhaps from damage to its reputation. Knowing which assets to protect, and understanding the consequences for the business if protection fails, requires (1) an intelligent security strategy that builds resilience from the inside out; and (2) an industry-specific strategy that protects the entire value chain.
For more information, take a look at our presentation summarizing the economic impact of cyber attacks in financial services.