Nearly 80% of bank executives are confident about their cybersecurity strategies, according to a new report from Accenture, but lack the ability to test their strategies in a real-world testing environment. The report is based on a global survey of 275 senior security executives across the banking and capital markets sectors.
"Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices. The reality, however, is very different," said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience at Accenture Security. "Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks’ job as difficult as possible."
Banks face more cybersecurity threats each year. Respondents said their bank had 85 "serious" attempted cyber breaches each year, and more than one-third of those were successful, with malicious actors gleaning at least some information.
Cyberattacks on banks are on the rise, so it’s more important than ever to ensure they are adequately protected. But most banks lack the ability to conduct real-world testing because there aren't many viable options for businesses looking to train professionals in active cyber defense and ensure they have the tools necessary to respond.
Some companies, such as IBM, are looking to help solve this problem. Last fall, IBM Security announced it plans to invest $200 million in its incident response capabilities, including a new headquarters and a Cyber Range where participants can get hands-on experience. The cyber range offers real-world experience responding to cyberattacks, using live malware, ransomware and other hacking tools to teach experts how to defend against and stop attacks.
Increased regulation may help more financial services organizations step up defense. In March, New York became a test case for other states as its financial services cybersecurity regulations went into effect. The rules require all regulated financial services institutions to have a cybersecurity program in place, appoint a chief information security officer and monitor the cybersecurity policies of third-party providers.