Four financial risks for the future

Issue 3 2020 Editor's Choice

Over the past decade, the financial sector has invested millions of Rands in security systems and methods with varying levels of success against an ever-evolving field of threats. Vast data assets linked to public and private sector customers make businesses in this industry a top target for attackers. An ongoing trend of moving away from cash and towards customer mobility, diversity of offerings and open banking will continue to challenge security in this arena for the foreseeable future.

Secure identity verification

Financial services’ consumers can be located anywhere and expect both access to their accounts and the ability to transact, at any time. If you combine this with an increasing number of channels across device platforms, threat vectors become numerous. The identity of the customer effectively becomes the secure perimeter.

The solution to this identity/perimeter security challenge involves strengthening multi-factor authentication processes and introducing advanced, context-based security to monitor the service endpoint (e.g. financial applications such as online banking) with users’ activities across all devices.


Gregory Dellas.

Nation state attacks

Businesses in the financial sector are now aware that they are a target for nation states. Threats from state sponsored attackers are escalating with global issues such as ongoing tensions in Iran, trade wars with China and rogue states intent on asymmetric warfare. There is an effective cold cyberwar occurring where viruses and zero-day exploits are being stockpiled for use in a potential attack.

The financial industry will be a target as the economy cannot function without critical financial IT infrastructure in place. It’s difficult to predict when or where these attacks may occur, but that does not excuse lack of preparation. Governments are legislating for tougher security for financial industries such as the American NY Department of Financial Services Cybersecurity Regulation, which refers in the introduction to the “ever growing threat posed to information and financial systems by nation-states, terrorist organisations and independent criminal actors.”

Mobile threats

One notable mobile security trend involves the increasing number of malicious apps making their way onto official app stores, for example, two selfie taking apps loaded with malicious malware that were available on the Google Play store. They were downloaded 1.5 million times. The apps would gather data silently and evade removal by becoming invisible and running in the background without a shortcut being visible to the user.

The major mobile OS vendors (Apple and Google) are battling to thoroughly vet the

 million, and counting, apps available on their platforms. The vulnerable integrity of mobile as a platform will require the financial industry to inspect its customer and contractor devices more thoroughly, whether by using MDM, or network access control. This may lead to the emergence of a two-tier security model in the mobile space where anti-malware becomes mandatory for mobile devices to interface with financial services.

Insider threat defence

The main motives for insider threats are said to be the following, regardless of sector: grudge, espionage, sabotage, malice, ideology and, of course, one must never discount the main reason – greed. Financial services companies face perpetual insider threats and continue to look for innovative solutions to this problem. A strong privileged access management solution reduces the scope of permission for malicious insiders by controlling the usage of administrative credentials and implementing separation of duties within an organisation.

An established activity monitoring solution can provide the data with which to scrutinise endeavours across financial applications with context. Moreover, AI and machine learning continue to develop in this area and are essential tools for the detection of insider malpractice as and when it occurs.

For more information, contact CA Southern Africa, +27 11 417 8594, [email protected]




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Standards for fire detection
SAQCC (Fire) Editor's Choice Fire & Safety Associations
With the increased number of devastating fires reported throughout South Africa, adequate and suitable fire detection cannot be overstated. SAQCC Fire will publish a series of articles in SMART Security Solutions to provide insight into fire detection requirements and importance.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
The best of local and international
Technoswitch Fire Detection & Suppression Editor's Choice
SMART Security Solutions speaks to Technoswitch’s Managing Director, Brett Birch, to learn more about the company and how it serves the fire safety market in South and sub-Saharan Africa.

Read more...
Surveillance on the perimeter
Axis Communications SA Hikvision South Africa Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Cameras have long been a feature in perimeter security, with varying reports of success and failure, often dependent on the cameras’ planning, installation and configuration, as well as their integration with other perimeter solutions and centralised management platforms.

Read more...
Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
Visual verification raises the security game
Technews Publishing Inhep Electronics Holdings Videofied SA Editor's Choice Perimeter Security, Alarms & Intruder Detection
Incorporating alarm signals with live surveillance footage, visual verification enables a human observer in a control room (onsite or offsite) to gain a clear understanding of the situation, thereby facilitating informed decision-making.

Read more...
The AX Hybrid PRO Series offers reliable wired and wireless protection
Hikvision South Africa Editor's Choice Perimeter Security, Alarms & Intruder Detection Products & Solutions
Hikvision has announced the launch of a new AX Hybrid PRO alarm system with innovative Hikvision ‘Speed-X’ transmission technology. This system offers reliable wired protection while delivering expanded flexibility with seamless wireless integration.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...