Security

Does Your Bank Have the Right Cybersecurity Tools in Place?

Financial firms are spending big on security, but are they deploying the right solutions? Here’s why the big picture matters — and how banks can bring it into focus.

Erin Thor

Erin Thor is Regional Sales Manager, Financial Services Enterprise, for CDW

Cybersecurity is the highest priority for banks, with 71 percent of financial service leaders expecting to increase security spending this year. However, as noted by a recent Deloitte analysis, while money is no object for many financial firms, simply spending on the latest and greatest security tools isn’t enough to guarantee protection.

From the need to innovate across cloud without disrupting legacy deployments to increasing competition for security talent and complex cyber risk metrics that Deloitte describes as “a veritable Tower of Babel,” banks often end up with a host of overlapping, interacting security tools that theoretically offer protection. Practically speaking, however, firms may find themselves oversaturated in some security arenas and woefully underprepared in others.

The solution? Getting the big picture to ensure tools, technologies and talent work in tandem. Here’s how.

1. Improve Visibility into Bank Security Controls

What banks can’t see can hurt security. Lack of visibility into the type of tools being used and how they interconnect can create significant security shortfalls that firms can’t afford — especially when it comes to the increasing use of digital consumer data and its corresponding compliance requirements.

Silos remain the biggest barrier to security insight. Despite recent efforts to remove them, the security posture at many banks is still driven by departmental differentiation — since frontline service, credit processing and investment management teams have disparate risk thresholds, for example, separation of security remains common. And while this may address individual issues, it presents a potential problem at the edge: What happens to data in the gaps between these departments?

As a result, getting the big picture starts with a high-level view of the current security environment. By taking stock of how solutions are deployed, what they’re protecting and where they interact, it’s possible for firms to pinpoint obvious gaps and lay the groundwork for a consistent financial security strategy.

2. Evaluate the Cybersecurity Landscape

Armed with better insight, banks need to dig in and discover what’s working, what isn’t and what needs to change to boost overall security.

For many banks, there are as many gaps in security as there are overlaps. For example, the use of multiple security vendors’ services as part of a layered approach to improving protection led to several sets of security controls on the outside, inside, workstation and data center. That, in turn, led to a lot of overlap, but also left huge gaps in protection.

To solve for this, it’s critical for banks to start with a full-asset approach and work backward, using the goal of a holistic security environment to inform evaluation. For example, if multiple departments have differing tools for the same purpose, such as encrypting and obfuscating data in transit, the result is both costly for banks and may lead to significant security risks during the handoff of data between operational silos.

By replacing three disparate data controls with one consistent, cloud-based solution, it’s possible for banks to remove expensive operational overlaps and simultaneously address security gaps without negatively impacting operational performance. The result is both more cost-efficient and effective at protecting key data.

2. Validate the Impact of Banks and Cybersecurity Controls

While high-level views and active evaluations can help inform new banking security best practices, the big picture isn’t complete without ongoing impact validation. Are security tools delivering intended results?

This starts with the engagement of trusted third-party providers and tools to measure the effectiveness of current security responses and assess key metrics, including:

Access behavior. Who’s accessing critical banking tools and services? When? Why? In-depth access information provides early warning signs of risky behavior.
Incident reporting. Detailed incident information including volume, type, intention and potential impact is critical to ensure security tools are working as intended.
Time to detection. The longer attacks go undetected, the greater your financial risk. Reduced time to detection is real-world evidence of impact.

Once initial validation is confirmed, banks must also look to ongoing, proactive security assessments that include regular penetration testing and incident response evaluations. These approaches both help encourage dynamic bank security in the face of evolving threats and reduce the risk of interoperative gaps or overlap as new fintech and cloud-based services are deployed.

When it comes to banking security, visibility is invaluable. Get the big picture by improving your view, evaluating your assets and validating your ongoing InfoSec impact.