Reducing Cyber-Risk in Finance Through Automation


Nathan JacobsIndependent Security Analyst

Thursday, July 9, 2020

The major cybersecurity challenge in the financial industry is to stay one step ahead of the hackers. As fast as vulnerabilities are patched, new vulnerabilities emerge and are applied by the attackers.

Article 3 Minutes
Reducing Cyber-Risk in Finance Through Automation

Many security companies look at automation as a method to become more effective in reducing cyber risk in the finance sector. While reliable, automation should also be considered as a medium that can be applied to adequately predict functions and execute security patches quickly.

The Cisco 2020 CISO Benchmark Report states that there is an increased investment in cloud security and automation technologies to improve security in the financial sector. If implemented properly and with the proper tools, automation can greatly reduce cyber risks and prevent cyberattacks.

How automation can reduce cybersecurity risks

Financial companies are under constant stress to stay one step ahead of attackers. Cloud computing and blockchain technology are just two examples of technological improvements that are changing financial cooperation, increasing productivity, and driving growth.

The financial market is a common target for cybercrime thanks to the kind of data it processes. Financial services companies fall prey to cybersecurity attacks 400 times more often than companies in other enterprises. According to BlueVoyant’s October 2019 research, phishing attacks account for  nearly a quarter of all types of attacks in the financial area. The report further states that phishing is one of the most used attacks and it has now divided into various subcategories such as business email compromise (BEC), spear phishing, whaling, pharming, SMiShing and vishing.

A chart showing the range of cyberattacks facing the financial industry


Mitigating threats by embracing automation

Due to the basic vulnerabilities and risks associated with these attacks, the best method for financial companies is to adopt a more stable and reliable platform to send and receive data.

Subsequent threats arise from uncomplicated misconfigurations and identified vulnerabilities that have patches. This indicates that current on-premise and traditional IT appliances are lacking.

For example, Equifax understood the vulnerability but it was a misconfiguration that exposed their server and got them into hot water. This is where security automation plays a crucial role in preventing data breaches and why CISOs must concentrate on security sophistication and inclination analysis rather than a snap picture of security.

With the increasing number and types of cyber assaults, it has become difficult to protect against intrusions. To counter this, companies are required to predict new vulnerabilities, not simply react to discovered attacks. They need to move from reaction to automation.

However, the complexity of cyberattacks on financial companies has indicated that more one-off security solutions are no longer enough to identify and mitigate risks.

Threat intelligence with automation

Threat intelligence is the gathering and analysis of data, obtained from both local and global sources, to understand the threats that may in the future – or are currently – a threat to the organization. To be efficient in defending against cyberattacks, you must first recognize the threats that you’re sensitive to. Through examining the data generated across the network, the company will be able to:

  • Discover data and devices that are vulnerable.
  • Get the most prevalent attack vectors targeting these devices.
  • Find the most practical, efficient way to protect the data.

Threat intelligence can have a decisive influence on financial companies in their attempts to stay a step ahead of cybercriminals. Financial institutions must concentrate on the automation of threat intelligence to notify security updates as quickly as possible. By automating threat intelligence, companies will be ready to secure any major security alerts or events.

For example automating the tokenization of securities in financial markets, especially for private securities, will make vetting, custodianship, and cap table management of securities efficient with reduced cyber risks and fallouts like Equifax. This is where automation plays an important role in securing financial services.

As automation and reliable threat intelligence become more important, having a unified security architecture with automation in place will be required to keep a business secure.

Nathan Jacobs

Independent Security Analyst

Hey, I'm Nathan, an independent Security Analyst with over thirteen years of experience in advising global corporations to reduce cyber risk through innovative cyberwarfare. Doing complex security audits for clients is my forte. Recently, I've been sharing my resourcefulness by writing on the topis of cyber defense, cryptography, and blockchain, which can help businesses and individuals to gauge the actual impact.


Join the conversation...