Banks and other financial institutions have long been leaders in information security.

They have spent sizeable sums over many years to guard information, processes and systems against disruption and theft. However, changing consumer behaviours are presenting challenges to security risk and resource management:

• Online and mobile banking are now well entrenched as alternatives to branch banking. Unfortunately, to malicious groups and individuals, these channels present further opportunities to attack. This creates more headaches for bank security teams and for consumers, who need to adapt their behaviour to minimise risk.  For banks and other financial institutions, this means allocating more budget to identify, measure and mitigate online and mobile risks.     
• The emergence of open banking – that effectively opens institutions’ data and processes to third parties, enabling them to build new applications and services – also raises concerns.  Banks and other institutions may entrust sensitive customer information to third party providers such as account aggregators and other payment disruptors. While this encourages innovation, it may also escalate the risk to customer information.  Key concerns include managing data when it is in transit between entities, when it is at rest and when it is in use.    This brings common authentication standards, consumer consent and data compliance to the top of banks’ and other financial institutions’ security priorities.

To manage security risks in this environment, banks and other institutions need a cyber threat detection capability that actively hunts for potential vulnerabilities across the network; integrated threat intelligence; current attack information sharing; and robust security incident plans.   They must also account for the greater focus on cyber security by boards. Board members are now reviewing cyber risk management policies and procedures for consistency with their organisation’s strategies and risk appetite. They are also taking an interest in whether these policies and procedures are functioning as required.   Furthermore, regulators are increasingly taking notice of and implementing requirements governing the security of institutions’ systems and data.  This means added reporting on security risks and postures – with, particularly when reporting to boards, an increased onus on security experts to translate technical terms and concepts into business language.

Banks and other institutions may consider throwing additional resources at these challenges – but this may be unpalatable at a time when they are under pressure to improve margins and reduce operating costs.  The shortage of cyber-professionals combined with the need to prioritise projects and budgets may in fact rule out adding new people. While boards and executives accept the need to spend money to improve security, they must also minimise spend and allocate it to achieve the best outcomes.

Many banks and other institutions have responded to growing security threats by investing in an ever-growing list of information security products. However, traditional information security product-sets are likely to focus on protection (e.g., firewalls), detection (e.g., endpoint detection and response), and visibility/alerts (e.g., security information and event managers).   

While these products are good at preventing or detecting security issues, they are not focused on the overall response. Once a security team knows they have a problem, they often apply a manual remediation process. For example, many organisations may simply add system alerts manually to a spreadsheet.   They may follow paper-based remediation processes, or even manage an issue through conversations between analysts and other team members. Many teams may communicate over email, making it difficult to monitor and report on remediation activities.  

We believe banks and other institutions need to adopt a centralised approach to drive efficiency and automation in security response. ServiceNow Security Operations is a security orchestration, automation, and response engine that can help institutions overcome the challenges described in this blog. If you would like to learn more, contact me at julia.smith@servicenow.com  or read my whitepaper that outlines in more detail how ServiceNow can be used to help address SecOps challenges at Banks.