Data is more valuable than money; if analysed and used effectively, it can create significant competitive advantages for financial service providers. Once money is spent, it is gone, but data can be used and re-used to produce more money.
The ability to re-use data to access online banking and insurance applications, authorise and activate credit cards, or access a financial service provider's networks, has enabled cyber criminals to create an extensive archive of data for ongoing illicit activities.
It is becoming apparent that cyber security is not only an issue for the chief information security officer (CISO); it is increasingly becoming a critical factor to the success of technology-savvy and data-driven financial service providers.
CEOs are generally responsible for ensuring the growth of the business and shareholder returns. In financial service providers, value and returns are more often than not being linked to innovative technologies and data. The digital revolution is driving the innovation, collaboration and quantum growth of numerous financial service providers, while exposing them to new and emerging threats. As social and mobile technologies become more entrenched with consumers, the borders between the corporate network and the public domain are becoming blurred.
Cyber threats are no longer limited to public-sponsored espionage or the lone-wolf hacker. Today, well-organised cyber criminals perpetrate highly sophisticated attacks, often for financial gain. Attackers are motivated to target digital assets due to the increasing value of these assets - driven by business and society's growing dependence on them - and the perceived lower risk of detection and capture in conducting cyber crime when compared with more traditional crime.
The new cyber threats require a new way of approaching security. To reduce risk, it is critical for financial service providers to recognise that cyber intelligence has to become part of the organisation's DNA. The organisation has to be able to manage and monitor the threats it faces effectively, proactively and pre-emptively.
Deloitte advises that this approach can be summarised by the following:
* Prepare: commit resources to prepare the organisation to defend against a targeted cyber attack, and to respond to an attack as it happens.
* Aware: identify and predict what the targets and mechanisms of cyber attacks are; this necessitates having intelligence on the evolving threat landscape for financial service providers and your organisation specifically.
* Respond: be ready to respond to threat intelligence or an attack, both at an organisational level, and at a technology level, to prevent and limit the damage of an attack, and to investigate and capture evidence after the attack.
No single financial services provider can resolve the issue of cyber security in isolation. A collaborative, transparent multi-stakeholder approach must be taken; competitors in the financial services industry need to partner together in an effort to safeguard a sustainable and trusted environment for the industry as a whole to operate in.
Share
Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 170 000 professionals are committed to becoming the standard of excellence.
(c) 2012 Deloitte & Touche. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
Editorial contacts