Financial services companies have been a popular target for cybercriminals for a long time. Not without good reason, since beyond working with money, financial companies handle a slew of sensitive client data that criminals utilise in various fraud schemes or sell off in bazaars on the dark Web. According to Verizon’s 2020 Data Breach Investigations Report, in the past year alone the financial industry has suffered more than 1 500 incidents, with 448 confirmed data disclosures.

Carey van Vlaanderen, CEO of ESET, says that in addition to the longstanding threats, most companies have had to contend with the rapid transition to remote work.

“The shift happened on extremely short notice, leaving companies with little time to deploy adequate cybersecurity measures or to prepare employees for looming cyberthreats. And while the pandemic will eventually subside, remote work looks like it’s here to stay. This will of course add to the list of challenges that companies need to cope with when they are preparing their cybersecurity plans and policies.”

ESET has rounded up five of the key factors why organisations struggle with cybersecurity:

1. Talent gap

While many companies may be on the hunt for either seasoned or up-and-coming cybersecurity professionals to join their ranks and help them establish a defensive perimeter against various threats, there just aren’t enough of them to go around. In fact, although the cybersecurity workforce gap has shrunk for the first time in years, there is still a global shortage of 3.1 million workers. “To make up the global talent shortfall, the employment levels would need to grow by 89% worldwide. So, to attract the best and brightest cybersecurity minds, companies will have to offer competitive salaries and fulfilling work opportunities,” says van Vlaanderen.

2. Insufficient budgets

A key area that is preventing companies from tackling cyberthreats head-on is that they have insufficient budgets allocated to cybersecurity. According to a survey conducted by EY, 87% of surveyed organisations said that they did not have a sufficient budget to achieve the levels of cybersecurity and resilience they were aiming for.

“The lack of resources means that companies can’t hire enough cybersecurity talent or institute technical measures they need to be resilient when facing off against various cyberthreats. With challenges like this in mind, ESET has recently launched ESET Protect*. It’s important to stay up to date on what’s available to your business and ensure that the team entrusted with your cybersecurity needs understand your business properly to be make suitable recommendations.”

3. Overestimating their own cybersecurity

One common mistake companies make is that they overestimate how good their cybersecurity measures are. While they may believe that they are on top of things, companies may not have the best vulnerability patch-management policies in place.

4. Lack of awareness training

“Another common occurrence that undermines a company’s cybersecurity is that employees do not receive sufficient cybersecurity awareness training. Arguably, the risks of employees being tricked into downloading malware or parting with their company credentials have been amplified due to the Covid-19-powered shift to remote work, so it’s essential to send them updates and flag anything.”

According to a study conducted by the Ponemon Institute, although companies have registered a surge in cyberattacks during the pandemic (including phishing and social engineering attacks), 24% of respondents felt that their organisations have not provided sufficient training about risks associated with remote work. Worryingly, the study also discovered that over half of the companies had no security policies at all covering requirements for remote employees.

5. Underestimating the value of cybersecurity

Some organisations underestimate the value of cybersecurity for their business and instead opt to invest in other aspects they deem more worthwhile, such as financing expansions or developing new products. They could argue that the costs outweigh the benefits, such as the cost of cybersecurity measures outweighing potential losses from a data breach.

“While the potential fines and losses may be lower in the short term, the reputational damage could lead to greater fallout including losing client trust, which would hit revenue streams. Alternatively, if successful, cybercriminals could gain access to intellectual property that they could sell along with the client data on the dark Web. Cybersecurity shouldn’t be an afterthought as it serves to protect both the company and its clients – and this I cannot stress enough,” van Vlaanderen says.

Conclusion

Any combination of the aforementioned factors could spell a perfect storm for most organisations when faced with a cyberattack. On the bright side, financial services companies have begun taking cybersecurity concerns seriously at the highest level. Global management consulting firm McKinsey found that 95% of the board committees that they surveyed say they discuss cyber risks and tech risks at least four times a year.

“It’s worth noting that building awareness in top management has to go hand in hand with investing adequate sums in cybersecurity solutions and training personnel to the best possible standards,” says van Vlaanderen.

Free training

Note: To help your colleagues and company learn how to stay secure, ESET is currently offering free cybersecurity training online. The training will cover:

E-mail protection: What to look for, what to avoid;
Web protection: Wi-Fi, the Internet of things and search engine security;
Social engineering: How to recognise scams and what to do;
Threat overview: Malware, phishing and insider threats; and
Password policies: Best practices like two-factor authentication.

To find out more, click here.

* ESET Protect: This small and medium business bundle solution offers protection for computers, file servers and mobile devices against ransomware, file attacks and advanced persistent threats at an affordable cost – starting at R5 060 for 10 users per annum. ESET’s Cloud Administrator, a Web-based console, allows you to remotely manage all products of your company’s network security without the extra cost and hassle of additional hardware.