Subscribe
Logo
Logo
  • Topics Icon Topics
    • AI Icon AI
    • Banking Icon Banking
    • Blockchain/DeFi Icon Blockchain/DeFi
    • Embedded Finance Icon Embedded Finance
    • Fraud/Identity Icon Fraud/Identity
    • Investing Icon Investing
    • Lending Icon Lending
    • Payments Icon Payments
    • Regulation Icon Regulation
    • Startups Icon Startups
  • Podcasts Icon Podcasts
  • Products Icon Products
    • Webinars Icon Webinars
    • White Papers Icon White Papers
  • TechWire Icon TechWire
  • Search
  • Subscribe
Reading
Three strategies for winning the cybersecurity arms race
ShareTweet
Home
Banking
Three strategies for winning the cybersecurity arms race

Three strategies for winning the cybersecurity arms race

Richard Harmon·
cybersecurity
·May. 9, 2024·4 min read

As cybersecurity attacks against financial institutions continue to escalate, banks and other financial organizations must take proactive measures to protect themselves and their data. Here are three strategies they can use to guard against potential intrusions.

A 2020 report by the Federal Reserve Bank of New York (FRBNY) modeling the potential impact of a cyber attack on a single U.S. bank predicted troubling outcomes that still loom large in today’s rapidly evolving threat landscape. The model estimated that a one-day attack on a top 5 US bank would impact 38% of U.S. financial institutions. Worse, an attack perpetrated against a large bank and a group of medium and smaller banks would impair an average of 60% of banks by assets.

Since the report was issued the financial services sector has become one of the top 5 industries for cyber attacks – and banks and hackers have both become more adept at using technology to achieve their objectives. Today, 98% of financial institutions are using some form of cloud computing, up seven percentage points from 2020, and banks are heavily investing in artificial intelligence (AI). Meanwhile, hackers have succeeded in creating AI-built phishing schemes and effectively using edge devices for Distributed Denial of Service (DDoS) attacks.

How can banks win this cybersecurity arms race and ensure resiliency in the face of possible attacks? This can only be achieved through collaboration, automation, and standardized controls for more secure cloud deployments.

Collaborate: make intelligence sharing a key defensive weapon

Organizations in the financial sector believe that an attack on one is an attack on all. Thus, many financial institutions around the world have committed to sharing intelligence about threats and vulnerabilities to protect the infrastructure of the entire financial system.

Their efforts have been buoyed by frameworks and guidelines that have been created to improve information-sharing on cybersecurity incidents within the financial industry. For example, the Switzerland-based Financial Stability Board’s Achieving Greater Convergence in Cyber Incident Reporting features 16 recommendations on the collection and sharing of cybersecurity information between financial institutions. In the United States, the Securities & Exchange Commission’s cybersecurity rules require registrants to disclose cybersecurity incidents and the steps they took to mitigate those incidents.

The calls for greater transparency herald a new age of collaboration among banks. While intelligence-sharing across borders remains difficult to do in Asia, where geopolitical dynamics often hamper regional data exchange, it’s become more commonplace and easier to do in insular environments like the European Union (EU), the United States, and other countries. These areas are leading the charge for better cybersecurity within the financial sector, and technology plays an important role in their efforts.

Automate: Reduce attack response and remediation times

The Digital Operation Resilience Act (DORA) is a great example of a government mandate that puts technology at the forefront of risk management. Although created specifically for the European financial sector, it serves as a good cybersecurity blueprint for financial services organizations in all countries, including the U.S.

DORA calls out “the existing high level of interconnectedness across financial entities, financial markets, and financial market infrastructures” as areas of concern. Like the FRBNY report, it notes that localized cyber incidents could quickly spread throughout Europe’s entire financial system.

According to the EU, one way to prevent this from happening is to contain the damage by “implementing automated mechanisms to isolate affected information assets.” Financial organizations must be able to quickly and automatically identify the source of an attack, isolate and remediate it, stop it from spreading, and recover quickly.

Security managers can work with developers to create automation protocols designed to detect and prevent intrusions, build and maintain enterprise firewalls, and more. For example, open-source projects like the Ansible infrastructure-as-a-service platform offer simple-to-use, pre-built playbooks that let teams quickly create automated security tasks. Once deployed, these tasks can help financial organizations significantly reduce the time it takes to discover and contain potential intrusions and remain resilient in the wake of an attack.

Standardize: Unify cloud controls for better resiliency

DORA also cites the “potentially severe” risk to the financial services industry if a cloud service provider that hosts many banks were to become compromised. Indeed, the issue of cloud concentration risk – the danger that a security breach of a single cloud service could result in potential disruptions and data breaches for many organizations – is a real concern that must be addressed.

Yet again, the open source community, along with members of the financial community, is addressing this issue by creating cloud security controls. In 2023, the Fintech Open Source Foundation (FINOS) announced a collaborative project to standardize controls for public cloud deployments in the financial sector. The goal, according to FINOS, is to “develop a unified set of cybersecurity, resiliency, and compliance controls across the major cloud service providers.” Many financial institutions, including Citi, Morgan Stanley, the Royal Bank of Canada, and others are involved in the project.

The FINOS project is just one example of the open source community’s efforts to provide all organizations, including financial institutions, with better security and control over cloud deployments. The efforts stem from the community’s unwavering commitment to transparency, intelligence-sharing, collaboration, and using cutting-edge tools to mitigate risks.

It’s not a coincidence that these are the same ideals that the financial services industry is also embracing. They are, after all, the core tenets that will protect all organizations against escalating cybersecurity risks, and they are the keys that will help financial institutions stay secure and resilient against current and future threats.

  • Richard Harmon
    Richard Harmon

    Dr. Harmon is the Global Head of Financial Services at Red Hat. He joined Red Hat in December, 2020 and has more than 25 years of experience in capital markets with specializations in risk management, advance analytics, fixed income research and simulation analysis. Prior to working at Red Hat, Dr. Harmon was managing director of financial services at Cloudera for 5 years and has held senior positions at Citibank, Bankers Trust, J.P. Morgan, BlackRock, Bank of America and Countrywide Capital Markets, First American CoreLogic, and SAP.

    View all posts
Tags
cyber attackscybersecurity
Related

Fintechs and cybersecurity: Why establishing a governance plan is more critical than ever

Three Technologies Banks Will Invest More in This Year

SEC cybersecurity rule raises questions

Anonymous hacker in front of his computer. | iStock photo

Comprehensive Trustwave report shares threats to financial services

Popular Posts

Today:

  • Email-AI-pieceAvatar CEOs Have Entered the Meeting Jun. 18, 2025
  • Stylizedhouse-with-EKGFintech x the One Big Beautiful Bill Jun. 26, 2025
  • Globe-money-symbolsOPINION: Why Brazil and India are leading the global digital shift through payment innovation Jun. 24, 2025
  • Jon StonaTips from Airwallex x McLaren on Making the Best of a Fintech Sponsorship  Jun. 18, 2025
  • Gazing Into the IPO Crystal BallKlarna Now, A Deluge Later? Mar. 20, 2025
  • TechNexus The AI IssueSteal Like an AI? Defining Fair Use & Creativity Jun. 25, 2025
  • Revised-AI-InvoiceAI Faces Skepticism. Startups Say: OK, Pay When it Works Jun. 25, 2025
  • PayabliFunded: Payments infrastructure co Payabli lands $28M Series B to AI-ify Jun. 20, 2025
  • TechNexus The AI IssueThe AI Paradox Jun. 18, 2025
  • ai-work-nexusWalkMe Vets Declare War on SaaS Bloat with $10M Seed for Autonomous Agents Jun. 10, 2025

This month:

  • WP UmbrellaTo Bank or Not to Bank: The ILC Question Jun. 5, 2025
  • DanMurphy-FN-headshotCFPB’s Next Open Banking Battle Begins Jun. 3, 2025
  • GreenliteAI-Alex-WillGreenlite AI is on a mission to revolutionize banking compliance Jun. 10, 2025
  • Current stablecoin adoptionWhy Banks (and Fintechs) Need to Embrace Stablecoins Today Jun. 12, 2025
  • ai-work-nexusWalkMe Vets Declare War on SaaS Bloat with $10M Seed for Autonomous Agents Jun. 10, 2025
  • Ben Hemani, Founding Partner at Bison VenturesThe Risk and Reward of Betting Big on AI’s Next Frontier Jun. 4, 2025
  • Jon StonaTips from Airwallex x McLaren on Making the Best of a Fintech Sponsorship  Jun. 18, 2025
  • Ironclad State of AI ReportThe Economics of AI Trust Jun. 11, 2025
  • Fintech Nexus – Newsletter Creative (2)Building the Bot Workforce May. 28, 2025
  • VancouverWeb Summit Dispatch: Debate Rages Over AI Applications’ Human Impact  May. 28, 2025

  • About
  • Contact
  • Disclaimer
  • Privacy Policy
  • Terms
Subscribe
Copyright © 2025 Fintech Nexus
  • Topics
    • AI
    • Banking
    • Blockchain/DeFi
    • Embedded Finance
    • Fraud/Identity
    • Investing
    • Lending
    • Payments
    • Regulation
    • Startups
  • Podcasts
  • Products
    • Webinars
    • White Papers
  • TechWire
  • Contact Us
Start typing to see results or hit ESC to close
lis digital banking USA Lending Club UK
See all results