Cyber-Attacks Principal Concern of Financial Institutions

A record 84 percent of respondents listed cyber-risk as one of their top five concerns, an increase of 25 points since the last survey was conducted.

financial institutions and cyber threats

Cyber-security ranks as the principal concern of the financial services industry, according to results of a survey released by the Depository Trust & Clearing Corporation (DTCC).

A record 84 percent of respondents identified cyber-risk as one of their top five concerns, an increase of 25 points since the last survey was conducted in March.

Furthermore, 33 percent ranked cyber-attacks as the number one systemic risk to the broader economy, up from 24 percent from March.

"As institutions seek to address ever-evolving cyber-threats, they are investing in personnel, processes and technology to understand and monitor the various threat actors who may be motivated to disrupt core business functions," Mark Clancy, managing director of risk management at DTCC, told eWEEK. "No single institution faces exactly the same mix of adversaries, attack motivation or threat capabilities. In response to these variables, institutions are increasingly adopting "intelligence-driven defense" to build specific countermeasures to the threats they face."

Clancy explained that effective intelligence-driven defense requires defenders to actively hunt for potential intrusions in their environments using all available intelligence about known techniques.

It also necessitates the analysis of large quantities of data about the operating conditions of an organization’s IT environment in order to identify previously unknown attack methods, he pointed out.

Nearly two-thirds (64 percent) of respondents cited the impact of new regulation as a top five concern, while 62 percent of respondents identified geopolitical risk as a top five concern.

Clancy said financial institutions need to implement intelligence-driven defense technology to protect themselves and the consumers connected to them.

"In addition to better understanding the attacker, intelligence-driven defense also recognizes that it is not possible to prevent all intrusion attempts. It requires a mindset change from--if we build walls high enough we can keep the bad guys out—to, let’s assume the bad guys are already inside," he said. "Rigorous planning for an effective response is also essential, so that when attackers are discovered inside the network, the defenders can be nimble in their ability to respond and evict attackers."

In addition, 37 percent of respondents said that the probability of a high-impact event in the global financial system has increased during the past six months – up 16 points since March.

In line with these results, 76 percent of all respondents indicated they have increased the amount of resources dedicated to identifying, monitoring and mitigating systemic risks over the past year.

"There are more cyber-criminals than ever before launching a barrage of attacks across the world. This trend will continue as the cost of technology continues to drop and criminals have a low barrier to entry to launch cyber-attacks, which means more cyber-threats will hit defender networks," Clancy said. "To address this growing challenge, companies will share threat intelligence information to bolster their defense systems."

Clancy also noted the cyber-intelligence sharing industry is a relatively new market that will continue to improve as more companies provide threat information.

"Key to growing this market will be creating communities of trust that share threat information. To increase trust, participants in this space typically allow for threat analysts to collaborate and communicate across individual companies and sectors," he explained. "The trust model will continue to evolve to a point where standard message formats are used for infrastructure-to-infrastructure information sharing in real time."