end-point
ANALYSIS
WHY THE FINANCIAL SECTOR MUST CONFRONT AN INVISIBLE CLOUD THREAT
Mark Jow , EMEA Technical Evangelist , Gigamon , asks if the financial sector is prepared for the invisible threats lurking in the cloud . He warns : “ While it may be reasonable to assume that cloud providers provide security by design as part of their platforms , this is sadly not the case .”
The financial sector has never been a stranger to strict security policies . Since the 1600s , banks and their security partners have pioneered some of the most secure strongrooms in the world . Named originally after their vaulted ceilings , ‘ vaults ’ have since become synonymous with the highest level of protection , featuring armoured walls and airtight locks that can protect valuables from thieves , natural disasters and even atomic bombs .
But modern banks have far more complex threats to counter , and far more valuables to protect . Customer payment data , access to high-profile networks and critical operations all present lucrative opportunities for bad actors . All this leads to an environment in which the Bank of England identified the risk of cyberattacks as one of the major threats to the nation ’ s financial stability . So , are these bastions of security prepared for today ’ s criminals ?
A cloudy landscape
The rise of fintech newcomers in banking can be credited for initiating a dramatic shift in the financial landscape . With new startups often making extensive use of modern cloud infrastructure and SaaS providers such as Mambu , they benefitted from efficiency and scalability , whilst offering customers more flexible digital banking options . It is no surprise , then , that established retail banking brands have been quick to follow suit .
But the outcomes of an increasingly digitised financial system are not all positive . Without considered security controls , tools and capabilities in place , cloudbased workloads can be easier to penetrate , and are often targeted directly by bad actors .
While it may be reasonable to assume that cloud providers provide security by design as part of their platforms , this is sadly not the case . Far too often , organisations leave security gaps that only become clear in post-incident analysis . When said organisations make up part of a nation ’ s critical national infrastructure ( CNI ), remediating cloud security gaps before an attack can occur is essential .
With UK Finance forecasting that notes and coins will account for just 7 % of all UK payments by 2032 , an attack on the digital systems that facilitate a large majority of payments and transactions would have a huge ripple effect , giving bad actors credibility amongst their peers and providing them great leverage for further extortion .
Confronting an invisible threat
But just as banks once had to deal with ever more sophisticated heist attempts , the tactics
72 WWW . INTELLIGENTCISO . COM