Welcome!

Virtualization Authors: Mike Kavis, Elizabeth White, Carmen Gonzalez, Anne Buff, Roger Strukhoff

News Feed Item

Booz Allen Announces Top 10 Financial Services Cyber Risk Trends for 2013

Ask any customer what they expect from their bank or financial services firm today, and two words come through loudly and clearly: security and privacy. Commercial and institutional customers have come to expect seamless service, properly cleared transactions and fast, accurate information. But news about major cybersecurity breaches has alarmed consumers, causing banks to redouble their efforts to protect their technology infrastructure. This means the stakes have never been higher for banks and financial services firms, and there are clear trends for cyber risk and security protection in the financial services industry in 2013, according to the experts at Booz Allen Hamilton.

“When we think about the lethal daily threats to the globally integrated financial services industry from nation-states and individuals, it is imperative that Chief Information Security Officers begin looking around corners, talk with each other and better prioritize the real threats to their firms,” said Mike McConnell, Booz Allen vice chairman and former Director of National Intelligence. “Self-evaluation and industry-wide conversations are the new ‘rules of the road’ to creating successful, integrated cyber defenses. The CISO can really drive organization-wide change while still championing efficiency and customer service.”

McConnell is speaking today at Bloomberg’s Enterprise Risk Conference (more information) where he will discuss the financial services industry’s responses to state-based and state-sponsored cyber attacks. He added, “There are many cyber trends – including the sophistication and lethality of the attacks – that the financial industry should be aware of. Even though it is difficult to look into a crystal ball and predict the future, these events are happening now and could cause significant reputational, financial and infrastructure damage to any ill-prepared firm. Individual companies should not wait for legislation or an Executive Order to come together with their government counterparts to find dynamic solutions to these big issues.”

Booz Allen works with financial services firms to identify and benchmark best practices and challenges for long-term cybersecurity prevention and protection. This process is part of Booz Allen’s Cyber M3 (Measure, Manage, Mature) capability, which evaluates the maturity of a firm’s cybersecurity programs. Both Cyber M3 and the benchmarking program incorporate technology, business process engineering, human capital development and risk management in developing a comprehensive picture of a firm’s and industry’s cyber readiness.

The Top 10 Financial Services Cybersecurity Trends for 2013:

  1. Business/Information Risk protection is not Just a Technology IssueSpending on new technology alone is not enough to protect a firm’s information and business. Firms must also invest in people and in fine-tuning processes to ensure, not only the proper use of technology, but that the processes that require interfaces between organizations are well managed and executed flawlessly. No matter how good a technology is, if not used correctly by skilled employees who follow well-defined processes, vulnerabilities will surface that can be leveraged by both internal and external threat actors.
  2. Data disruption attacks may become data destruction attacks The potential of threat actors actually destroying data is a major concern among risk and security professionals. Over time, the financial services industry will face threats from extremist groups who, when denied access to weapons of mass destruction, will use cyber as a “weapon of mass disruption.” Additionally, threat actors who mean to disrupt a firm’s business operations to make a statement or prove what they consider a moral point will also utilize destruction of data to ensure they make an impact.
  3. Nation-states and threat actors are becoming more sophisticated We now have to face more sophisticated threat actors such as smaller nation-states and terrorist elements obtaining similar capabilities. The financial services industry must fully understand the entire threat landscape and what this means in terms of employing the right people, technology and processes to ensure business continuity and proper risk management.
  4. Legislation could push industry standards around cyber risks and improve threat intelligence information sharing Banks already share information, but they will need to do more in light of possible legislation to set standards for cyber protection. If Congress allows the sharing of important national security information, industry standards could become a benchmark requirement that firms must meet before they are given access to government information. Additionally, such legislation could help in reducing the valid fears of firms in sharing cyber incident information due to the threat of penalties and further regulation. The industry and government must acknowledge and treat firms as part of the nation’s critical infrastructure because a breach at anyone bank or firm can have severe, cascading effects on the nation’s stability.
  5. Predictive threat intelligence analytics will create a more effective risk management capabilityFinancial services firms must begin to employ a more predictive threat intelligence capability to determine who might be trying to attack them and how. Focusing on understanding their own individual business risks (as well as industry risks) and combating real potential threats that could focus on such risks is much more effective than trying to create a defense that could cover any possible threat.
  6. Vendor Risk Management is becoming an increasingly important concern among firms Most firms buy much of their information technology and services from suppliers. Therefore, these suppliers’ vulnerabilities become the vulnerabilities of the firms they provide products and services. Firms are becoming more focused on the security requirements for these suppliers and engaging independent third parties to evaluate the risks around such products and services.
  7. Cyber risk continues to be a board-level issue Information, legal documents, and communications with clients and employees are all becoming more and more electronic every day to include an even greater usage of mobile technologies and social media. The boards of financial institutions must create and embrace a culture that acknowledges the evolving risks and more openly shares incident information across the industry, with technology providers and with both law enforcement and the federal government.
  8. Firms must continue to embrace and adapt to the new “boundless network,” and must also invest in training its workforce to properly access and protect corporate data Cloud, social and mobile technologies, including “Bring Your Own Device” (BYOD), are simply too cost efficient and effective for institutions to ignore them. Security and risk professionals need to better integrate these technology trends, which will require they embrace the fact that the corporate network now has extended beyond their control. Risk management and mitigation is evolving to better control how corporate data travels these boundless networks and ensuring the education of their employees on the responsibilities they have in securing such data.
  9. Identity and Access Management is becoming a key security control area in which firms will continue to invest heavily The days of focusing solely on perimeter defense have long since passed. Phishing and other social engineering strategies employed by threat actors have been very effective in allowing them to penetrate almost any network. Banking institutions must assume these actors can get in. Ensuring proper identity of an authorized individual is a key area that is being addressed by all firms in all industries to address this new paradigm. Most threat actors employ a strategy to gain access to networks and information by gaining access to valid authorized credentials of a firm’s employee so that they can go undetected in their actions. Firms will continue to invest heavily in ensuring that an authorized user is actually an authorized user. Additionally, firms will invest more heavily in tracking unusual activity of a user to detect stolen credentials or an insider threat.
  10. The Financial Services industry will rely more heavily on cyber benchmarking The FS industry is investing more and more in protecting its information assets and wisely spending these scarce dollars is becoming increasingly important, not only from an effectiveness standpoint, but to also be able to articulate to business leaders, the value of such an investment. The FS industry, therefore, will continue to use industry benchmarks to understand how their competitors and suppliers are investing in people processes and technology for cyber risk management.

For 2012 Booz Allen issued its first annual list of cybersecurity trends for the financial services industry (read the 2012 list). Since then, the industry has experienced a number of high-profile attacks, such as the DDoS attacks on U.S. commercial banks and the New York Stock Exchange.

“In the span of one year, we have seen a significant shift in the frequency and sophistication of cyber attacks on financial services firms. This is perhaps the biggest trend of them all,” McConnell said.

ABOUT BOOZ ALLEN HAMILTON

Booz Allen Hamilton is a leading provider of management and technology consulting services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen combines deep technical knowledge with expertise in each client’s core mission to deliver proven results. Booz Allen is headquartered in McLean, Virginia, employs approximately 24,000 people, and had revenue of $5.86 billion for the 12 months ended March 31, 2012 (NYSE: BAH).

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that Gridstore™, the leader in software-defined storage (SDS) purpose-built for Windows Servers and Hyper-V, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Gridstore™ is the leader in software-defined storage purpose built for virtualization that is designed to accelerate applications in virtualized environments. Using its patented Server-Side Virtual Controller™ Technology (SVCT) to eliminate the I/O blender effect and accelerate applications Gridsto...
The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
SYS-CON Events announces a new pavilion on the Cloud Expo floor where WebRTC converges with the Internet of Things. Pavilion will showcase WebRTC and the Internet of Things. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices--computers, smartphones, tablets, and sensors – connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, will examine three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics...
Internet of @ThingsExpo Silicon Valley announced on Thursday its first 12 all-star speakers and sessions for its upcoming event, which will take place November 4-6, 2014, at the Santa Clara Convention Center in California. @ThingsExpo, the first and largest IoT event in the world, debuted at the Javits Center in New York City in June 10-12, 2014 with over 6,000 delegates attending the conference. Among the first 12 announced world class speakers, IBM will present two highly popular IoT sessions, which will take place November 4-6, 2014 at the Santa Clara Convention Center in Santa Clara, Calif...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at Internet of @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., will show what is needed to leverage the IoT to transform your business. He will discuss opportunities and challenges ahead for the IoT from a market and tec...
SYS-CON Events announced today that TeleStax, the main sponsor of Mobicents, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. TeleStax provides Open Source Communications software and services that facilitate the shift from legacy SS7 based IN networks to IP based LTE and IMS networks hosted on private (on-premise), hybrid or public clouds. TeleStax products include Restcomm, JSLEE, SMSC Gateway, USSD Gateway, SS7 Resource Adaptors, SIP Servlets, Rich Multimedia Services, Presence Services/RCS, Diame...
From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An...
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
As a disruptive technology, Web Real-Time Communication (WebRTC), which is an emerging standard of web communications, is redefining how brands and consumers communicate in real time. The on-going narrative around WebRTC has largely been around incorporating video, audio and chat functions to apps. In his session at Internet of @ThingsExpo, Alex Gouaillard, Founder and CTO of Temasys Communications, will look at a fourth element – data channels – and talk about its potential to move WebRTC beyond browsers and into the Internet of Things.
SYS-CON Events announced today that Gigaom Research has been named "Media Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Ashar Baig, Research Director, Cloud, at Gigaom Research, will also lead a Power Panel on the topic "Choosing the Right Cloud Option." Gigaom Research provides timely, in-depth analysis of emerging technologies for individual and corporate subscribers. Gigaom Research's network of 200+ independent analysts provides new content daily that bridges the gap between break...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core of our infrastructures. At the same time, we have old approaches made new again like micro-services...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Swiss innovators dizmo Inc. launches its ground-breaking software, which turns any digital surface into an immersive platform. The dizmo platform seamlessly connects digital and physical objects in the home and at the workplace. Dizmo breaks down traditional boundaries between device, operating systems, apps and software, transforming the way users work, play and live. It supports orchestration and collaboration in an unparalleled way enabling any data to instantaneously be accessed on any surface, anywhere and made interactive. Dizmo brings fantasies as seen in Sci-fi movies such as Iro...
Software AG helps organizations transform into Digital Enterprises, so they can differentiate from competitors and better engage customers, partners and employees. Using the Software AG Suite, companies can close the gap between business and IT to create digital systems of differentiation that drive front-line agility. We offer four on-ramps to the Digital Enterprise: alignment through collaborative process analysis; transformation through portfolio management; agility through process automation and integration; and visibility through intelligent business operations and big data.
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, will describe an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device experiences grounded in people’s real needs and desires.
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: Esmeralda Swartz, CMO of MetraTech, has spent 16 years as a marketing, product management, and busin...