[BreachExchange] Why Connected Risk is the Biggest Threat to Financial Services

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 5 20:13:06 EDT 2017


https://www.comparethecloud.net/articles/why-connected-
risk-is-the-biggest-threat-to-financial-services/

We live in a world that is more connected than at any other point in
history. Individuals and businesses can connect with each other in seconds,
can share pictures, videos, work documents and much more via cloud-sharing
tools with ease.

Such speedy and effective connectivity has proved a true asset to many
organisations and transformed the way in which many of them operate. Yet at
the same time, there is also more risk in the world than ever before.
Business risk comes in many different guises in 2017. Strategic,
reputational, compliance, financial, political….the list goes on and on.
The breadth, depth and variety of risk in modern business make the task of
efficient, effective and smart risk management even harder for many
organisations.

But in the increasingly connected world in which we live and work, in
conjunction with this increased risk, a perfect storm has emerged, and
there is a new threat starting to make itself felt, that of connected risk.
What exactly is this and how can organisations – especially those within
financial services (FS) and fintech – best defend themselves against it?

Ultra-connectivity in business

The world in which we live and work is more connected now than at any other
point previously. We live in an era of ultra-connectivity, and it is an era
that impacted the FS sector as much as other industries. Technology has
progressed to the extent that money can be transferred across countries and
continents, changed into different currencies and deals agreed at the click
of a button.

Businesses are global now, still operating in their country of origin, but
present in many territories all over the world. There are compliance and
regulatory issues to be managed when doing so of course, but it is
relatively easy now for an agile fintech business or even a traditional FS
firm to trade globally.

But the ease of digital communication in connecting these organisations is
also a weakness.  Risk can be spread within moments, and the hyper
connected world that we operate in is increasingly under threat from this
connected risk. A typical FS business would be digitally connected with a
wide variety of other organisations – partners, customers, suppliers,
legislators and more – which means that the risk is cumulative and can be
spread rapidly.

Because these organisations are so digitally connected, one single threat
is exponentially shared across them. And given the sensitive nature of FS –
managing the finances of businesses and consumers, and holding all manner
of data on them too – the risk is potentially greater than in other sectors.

So one relatively small local event, which in a pre-digital era would be
confined to that area, can have global consequences, impacting
organisations thousands of miles away and operating in a completely
different sector. This could be anything from a supply chain issue to a
political event, or as is increasingly likely, a cyber attack.

Combatting connected risk

Connected risk can come in many guises, and given the spontaneous nature of
some events it can be particularly hard to mitigate against. But the cyber
attack is the risk that is currently posing the greatest threat.

With the internet of things so prevalent at home and in business, we have
seen numerous instances so far in 2017 of cyber attacks being spread at
high speed across the global, moving between interconnected organisations
almost at will. Ransomware could be spread from a small business to its
bank or other FS provider, which in turn could potentially be spread to all
of its customers in countries all over the world.

A key element of managing and mitigating against connected risk is in
equipping risk management teams with the right tools for the job. This
means moving away from traditional approaches, such as Excel, and embracing
digitisation for risk management.

By adopting an automated approach, it ensures a continuous and on-going
protection against a multitude of threats. It also means that risk
modelling can be far more effective. Using technology to amplify the weak
signals within an FS organisation and predict when and where risk might
occur and what the likely impact of it will be. This allows the business in
question to prevent and prepare for risk far more effectively than they
might otherwise.

If one organisation suffers from connected risk, it is possible that all
the organisations it is connected with will also do so. That’s why it is
growing ever more important to ensure an organisation has the proper
defences.

It is impossible to dial back the connectivity now – it is too fast, too
deeply integrated and has become an essential element of the modern
business. But it is possible to mitigate against connected risk more
effectively than is being done currently in FS, and doing so needs to start
sooner rather than later.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170905/57566468/attachment.html>


More information about the BreachExchange mailing list