While the next target of hacktivists may be a mystery, the threat of cyberattacks seems likely to grow.
Banks will need to redouble efforts to safeguard their infrastructure from digital assaults in the coming year, Booz Allen Hamilton, a consulting firm, said Thursday.
According to the firm, nations and individuals acting without state sponsors are becoming more sophisticated in their ability to wage electronic onslaughts. Defending against them will require that banks invest in both technology and people, as well as work collaboratively with one another to fortify defenses.
"Self-evaluation and industry-wide conversations are the new 'rules of the road' to creating successful, integrated cyber defenses," Mike McConnell, a former U.S. director of national intelligence and vice chairman of Booz Allen, said in a news release. "Even though it is difficult to look into a crystal ball and predict the future, these events are happening now and could cause significant reputational, financial and infrastructure damage to any ill-prepared firm.
"Individual companies should not wait for legislation or an Executive Order to come together with their government counterparts to find dynamic solutions to these big issues," McConnell added.
McConnell's comments follow the U.S. Senate's recent rejection of a measure to protect the nation's critical infrastructure from cyberattacks. The legislation, which was opposed by some business groups, would make it easier for companies and the government to share information about cyber threats and encourage companies to take steps to reinforce security on their networks.
The Senate vote foreclosed action on the legislation until next year despite warnings by national security officials that the U.S. needs new ways to protect financial institutions, power plants and other critical infrastructure from assault.
McConnell's comments also follow a string of cyberattacks since September on at least ten banks worldwide. The onslaughts flooded lines that connect the banks to the Internet and disrupted service for customers.
According to Booz Allen, the prospect of cybersecurity legislation in 2013 and the potential for hacktivists to move from disrupting operations to destroying data means banks will need to share information more than they do currently, and to build the capability to predict threats into their risk management capability.
Banks also should take steps to focus on security risks their vendors may present, to train their workforces in how to access and protect data, to reinforce authentication, and to use industry benchmarks to learn how competitors and suppliers are managing risk, according to the firm.
"In the span of one year, we have seen a significant shift in the frequency and sophistication of cyberattacks on financial services firms," McConnell said. "This is perhaps the biggest trend of them all."