Within finance, digital trust reigns supreme in 2024

Lacework Editorial | February 15, 2024 | 4 min read

This blog features some content from our new eBook: 4 keys to cloud security for financial services. Download the eBook for more discussion on financial services industry trends and how these organizations can become cyber secure in 2024.

 

Let’s face it. Building and maintaining effective security for financial services organizations is really hard. Compliance and risk management requirements remain notoriously tricky.  Security talent pools are painfully small. And, according to IBM, the financial services industry is reporting costs of $5.9M USD per data breach. That number far exceeds the global cross-industry average of $4.45M. 

With rising costs and more sophisticated attacks, it sure seems like the time is now for organizations in the financial services industry to evaluate better ways to protect their most valuable asset: customer trust.

Here are some overall trends we’re seeing within financial services in 2024.

More cloud means more governance

As the financial services industry embraces digital innovations and cloud computing, governments are digging in. We already know of many new regulations that have recently been enacted or are on deck to be implemented in 2024. And, according to Deloitte, even more new regulations will likely be rolled out or announced this year to help monitor industry stability and, specifically, to oversee how artificial intelligence is used in technology solutions.

In 2023, the US and Europe adopted more stringent security requirements for financial services organizations to keep them accountable. The US issued guidance from the Securities and Exchange Commission (SEC) with its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure requirements for US public companies. This guidance includes the timely disclosure of “material” cybersecurity incidents to the appropriate regulatory body or national authority.  

The US also released the Cybersecurity Maturity Model Certification (CMMC), a new Department of Defense (DoD) rule that requires any DoD contractor to certify that their cybersecurity controls are meeting federal requirements. Similarly in Europe, the NIS2 Directive has introduced more disclosure requirements for cyberthreats with tight timelines and stiff penalties. 

This increased oversight is upping the ante on cybersecurity for financial services. Organizations must now be ready to quickly fix cloud security risks, while also continuously monitoring users, data, and cloud infrastructure for active threats.

Human error remains #1

Attacks on financial services organizations are costing them a whopping $5.9M USD per breach, much more than in every industry except healthcare.

Phishing remains the most popular initial attack vector for tricking users into handing over sensitive information that enables unauthorized access. Not surprisingly, compromised credentials have become their own marketplace, making them the second-most popular attack vector. The common tie between these two attack vectors? Human error.

We believe these trends will continue in 2024 and beyond. As cloud security tools become more sophisticated, security teams must not fall into the belief that their cloud defense is impenetrable. Because, ultimately, a “perfect cloud defense” would involve humans making the correct choice in every situation. And, frankly, we all know that’s not possible.

In 2024, the reality that humans are (and forever will be) error-prone should drive financial services organizations to technologies like continuous threat monitoring, which can act as a safety net when your best efforts fail.

Difficult to build, even easier to break

In the competitive financial services market, obtaining customers is difficult and expensive. Maintaining trust will forever be key to retaining the relationship and building revenue.  

Unfortunately, the road to securing sensitive data in the digital age is paved with potholes. From fraud to account takeover, from spear phishing to compromised credentials, from ransomware to ever-sophisticated malware, the risk of being exploited or potentially mishandling one of these threats is high.  

Studies have shown that customers are quick to break up with their favorite financial shop when breaches happen. The importance of trust in industries like finance and healthcare will continue in 2024 and beyond.

4 keys to a secure cloud for financial services

Financial services will continue to be one of the most targeted industries for cyber crime in 2024. It’s simply too lucrative. At the same time, financial services will also be one of the most scrutinized industries by its own consumers. These banks, fintechs, and financial institutions simply can’t afford to have inadequate cloud security measures. 

For some tips on how to navigate cybersecurity in 2024, download the eBook 4 keys to cloud security for financial services. In the book, you’ll explore cloud security trends in cybersecurity and get 4 tips on how to gain and maintain digital trust with consumers.
