These are intense times, with many financial institutions grappling with lots of moving parts—from hastily arranged mergers, to frozen budgets and layoffs. All of these, in addition to everything else going on in the economy, can play a role in security, says Tom Kellerman, vp of security awareness at Core Security and a member of the Commission on Cyber Security for the 44th Presidency. Kellerman offers five predictions about how the economic crisis, and resulting market conditions, will affect security.
1. M&As connect two networks whose layered security is rarely vetted per cyber. The due diligence process must include cyber risk assessments.
2. The need to cut IT budgets will increase the use of open source and p2p software that need to be secured.
3. The need to slice IT budgets will increase the amount of managed services, web hosting, et al. All of these networks are now connected to you and need to assessed per the operational and reputational risk they pose to the financial institution's networks.
4. There will be a greater emphasis to drive financial institution customers toward e-financial portals in order to cut costs. These web portals will be attacked via SQL injection and cross-site scripting much more often and thus web application security assessments and subsequent remediation must be conducted on a regular basis.
5. Spear phishing will increase against financial institution customer and user bases. Assessing the susceptibility of your users to these types of attacks will be paramount, as will education campaigns to insulate the consumers from this threat.