Cyber threats have become a growing menace to global financial security, constantly increasing in technological sophistication as well as potential devastation. Cyber attacks on financial institutions can not only result in significant financial losses, but can irreversibly destroy their reputations. To protect themselves and their clients, many banks have implemented dedicated cyber-security teams and protocols, increasing their defenses. With the security measures of larger financial institutions improving, however, many hackers are turning to smaller, less protected targets.
Fortune reports that a current trend in cybercrime is for sophisticated cyber criminals to eschew large financial institutions in favor of smaller targets. Credit unions, small hedge funds, and other mid-tier enterprises have now become favoured fare, primarily due to a lack of dedicated security measures like those that high-tier enterprises can afford to put in place.
Several small banks, credit unions, and microfinance institutions have implemented basic measures, using cyber-as-a-service companies like eSentire and Dell Security. These companies provide advice and remote monitoring to companies outside of the Fortune 500, and are feasible alternatives to hiring full-time cyber-security staff, especially for smaller financial institutions.
Indeed, measures such as these could greatly aid financial institutions around the world. The Dawn reported Thursday, June 23, that the State Bank of Pakistan has issued guidelines for banks to improve their security systems against cyber attacks. Their instructions provide directions such as financial risk management and ownership, periodic evaluation and monitoring of security controls, and regular independent assessment and tests. Though aimed at the boards of directors of these financial institutions, independent companies like Dell Security could potentially aid in these services, providing much needed insight and expertise to the industry and educating financial institutions on the prevention of cyber attacks, if not directly providing these services themselves.