Security Magazine logo

Biggest Cybersecurity Risks for Financial Firms

By John Carbo
October 29, 2019

October marks Cybersecurity Awareness Month, and with seventy percent of financial companies having suffered a cybersecurity incident in the past 12 months, according to a recent report by Carbon Black, it’s crucial for firms to know not only their biggest cyber risks but also how to prevent them. This article will talk about the biggest risks facing financial firms and best practices for prevention.

If your firm is in the thirty percent that did not suffer from a cybersecurity incident, then stay vigilant. The unfortunate reality is that most firms do not know about a breach until months later. Not experiencing a cybersecurity incident is not a trustworthy indicator of the ability of your security program to prevent and detect incidents. You could be lucky, you may not be the target, or you could be doing a great job!

We can divide cyber incidents into two general buckets: random and targeted. Protecting against random attacks is the first step. Attacks in this bucket do not necessarily care who they impact. The goal is to compromise someone or something in hopes of obtaining something valuable. The value can be credentials or merely machines to add to a botnet. Protecting against random attacks comes down to good security hygiene. 

The Center for Internet Security provides a list of 20 controls to follow for a good baseline of security. Firms should apply these controls and extend them to devices that travel outside the firm’s network perimeter (BYOD). Cybersecurity awareness training should extend beyond “things to follow to protect the firm” to include “things to follow to protect yourself.” A targeted attack has a better chance of success if training is focused on just protecting the firm. The target of the attack needs to understand that they are the target because it is easier to compromise them than the firm directly. 

It is easy to forget the digital devices and mechanisms that are in place all around us. As technology improves, it seems to vanish into the background. It is important to step back and think about the technology that we use and, more importantly, the relationships between the pieces. Integration between devices and accounts can increase our attack surface and create more opportunities for weak links. Most attackers are looking for the easiest way in, and the easiest way in is usually a device or account that we forget about. Once connected to the Internet, the dusty tablet or laptop that was in the drawer is more attractive to the attacker than your always-on workstation with auto-updated antivirus and security patches. A forgotten account with a weak password and no two-factor authentication (2FA) could be easily compromised and could give an attacker a foothold into a more secure account.

Think about your email account, which is used to recover passwords for other accounts. You probably have 2FA on your bank account, but what about the email account that is used to recover your bank account? The point is that we need to look at all the technology we use collectively and not in a vacuum. We need to configure privacy settings comparably across our devices and accounts, keep all of them up to date, use unique passwords for accounts and enable multi-factor authentication.
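The recovery-chain point above can be checked against an account inventory. The following is an added example, not part of the original article: it walks each account's password-recovery links and reports the shortest chain that ends in a weak account. The `Account` fields, the account names and the rule that "strong" means 2FA plus a unique password are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    has_2fa: bool
    unique_password: bool
    recovers_via: list = field(default_factory=list)  # accounts able to reset this one

    @property
    def weak(self):
        return not (self.has_2fa and self.unique_password)


def exposed_chains(inventory):
    """Map each account to the shortest recovery chain ending in a weak account.

    A weak account maps to [itself]. A recovery account missing from the
    inventory counts as weak: a forgotten account cannot be assumed protected.
    """
    by_name = {a.name: a for a in inventory}
    findings = {}
    for start in inventory:
        queue = deque([[start.name]])
        seen = {start.name}  # guards against recovery loops
        while queue:
            path = queue.popleft()
            node = by_name.get(path[-1])
            if node is None or node.weak:
                findings[start.name] = path
                break
            for nxt in node.recovers_via:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return findings


# Constructed sample inventory (hypothetical account names).
SAMPLE = [
    Account("bank", True, True, ["personal-email"]),
    Account("personal-email", True, True, ["old-webmail"]),
    Account("old-webmail", False, False),
    Account("work-sso", True, True, ["work-email"]),
    Account("work-email", True, True, ["work-sso"]),  # loop, both strong
    Account("brokerage", True, True, ["isp-email"]),  # isp-email not inventoried
]
```

In the sample, the bank account has 2FA and a unique password yet is still reported, because its recovery chain runs through a forgotten webmail account with neither.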

Using technology is unavoidable at this point, but we can limit it in some circumstances. Think about paring down the number of devices that you use to make managing their security less burdensome. Think about your technology needs over wants. Do you really need an Internet-connected fridge or stove? Do you need a smart assistant that listens “only” for key words to activate? Maybe you do, but then you need to know how to secure them and protect yourself.

Firms also need to look for opportunities to decrease their attack surface. Each piece of technology adds its own level of risk. All the technology combined presents a different level of risk. Firms need to inventory their technology, decide what is necessary to keep, remove unnecessary technology debt and identify the remaining risks. Some risks cannot be remediated by applying a patch or upgrading to a new version; firms need to figure out a mitigating control to address these residual risks. When it comes to data, the best way to secure data is to not have it in the first place. Decide on what data is required for the business, and only collect and protect that data.

The main theme of National Cybersecurity Awareness Month 2019 is “OWN IT. SECURE IT. PROTECT IT.” Adding the initial step of reducing a firm’s technology needs will go a long way toward remaining in the thirty percent of unaffected firms.

KEYWORDS: Bring Your Own Device (BYOD), cyber security, financial service security


John Carbo is the Director of Information Security at Abacus Group, an IT service provider for alternative investment firms. John has spent his entire career in the financial services industry, working previously for large banks where he gained experience in security and system integration. He’s currently a Cybersecurity Fellow at NYU, in partnership with the NSA Center of Excellence in Information Assurance, Research and Cyber Operations. John holds various information security and privacy certifications, including CISSP, CSSP, CSAE, CIPP/E and CIPM.


Copyright ©2025. All Rights Reserved BNP Media.