Hear and learn from technology and IT thought leaders and strategists, as they share insights and methodologies to face today’s challenges and grow from tomorrow’s opportunities. Key themes presented through live and on-demand webinars and LinkedIn Live events: Application Development, Technology Integration, Microsoft Solutions, Automation, Cyber Security, Data Analytics, Digital User Experience, among others.
Why Compliance Is Not Security: Top Financial Sector Cyber Security Threats
October 21, 2021
LinkedIn Live Event Description
In this insightful video, the security experts, Mark Imhoff, VP Security & Enterprise Architecture, James Patterson, SVP Financial Vertical Leader, Ali Hamici, Cyber Security Specialist at System Soft Technologies, and Collis Dunwoody, Ethical Hacker at Security Compliance Associates and discuss why compliance is not a security and what are the top financial sector cybersecurity threats.
Watch the video to know what financial institutions can do to proactively protect themselves against cyber attacks
They discuss vulnerabilities and cyber threats affecting financial institutions today and what financial institutions are doing to protect sensitive data and applications and keep a trustworthy reputation.
A Look at Cyber Attack Statistics and Trends
Nearly half of all credit unions are at an increased risk of a cyber attack. Cyber attacks on credit unions can result in financial risk, ranging from $190,000 for small credit unions to more than $1.2 million for larger institutions [Black Kite Report: 2021 Third-Party Risk Pulse: Credit Unions and Vendor Ecosystems report].
With a changing work environment and remote workforce, security vulnerabilities are at an all-time high. Organizations must shift their focus from not only being compliant but investing in and incorporating a full cyber security focus. Those that solely focus on regulatory compliance, such as NCUA (National Credit Union Administration) audits, often miss gaps in their overall cyber security posture. Governance is the first step to ensuring a mature security posture.
Ransomware is the top cyber threat to small banks and credit unions, with 90% of all financial institutions have experienced a ransomware attack during the past year. According to the Black Kite report, 48% of credit unions and 58% of their vendors are at risk to cyber-attacks due to out-of-date systems. With legacy systems, there’s an inability to update and patch network software, allowing hackers to exploit well-known security issues.
In a study conducted by Ponemon Institute [The State of Software Security in the Financial Services Industry], many FSI organizations are more efficient at detecting and containing a breach rather than preventing them. Detecting (56%) and containing a breach (53%) is only 31% effective at prevention.
According to Black Kite, the top tactic used in ransomware attacks comes from malware (70%) delivered through social engineering campaigns and phishing attacks. With more than 66% of credit unions and 88% of vendors lacking email security to prevent spoofing and phishing attacks, this remains a top threat for financial institutions.
The experts answered some challenging questions on cyber security in the financial sector like
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.