Today, we trust banks and other financial institutions to safely handle our money and the bulk of our monetary transactions. Successful breaches are somewhat rare thanks to technologies like multi-factor authentication and heavy investment in cyber security, but hackers are always improving their techniques, and tech is always changing. This leads to an ongoing cycle of improvement on both sides: financial institutions keep building better defenses, and hackers keep trying to overcome those advancements.
So, could the financial industry eventually get ahead of the cybercriminals? What does the future hold for financial cyber security?
Financial institutions’ most important job is building and maintaining consumer trust. Without that, people won’t be willing to part with their money, and the entire system could collapse. That’s why financial companies are working hard to stay ahead of the curve, to inform their customers proactively about prospective threats, explain what they’re doing to stop them, and of course, give them the proof that what they’re doing actually works. Third parties will always be around to rate banks and lending institutions for the quality of their offers, and security will only grow in importance as a factor in the future.
These are some of the most important threats we need to prepare for:
- Botnet attacks. The concept of a botnet is relatively simple; a hacker uses a program to gain access to multiple independent devices, usually connected in a peer-to-peer web-like network, and then coordinate those devices to execute an attack. This could come in the form of a distributed denial of service (DDoS) attack, or to steal data, which can then be used to compromise financial accounts.
- Self-mutating viruses. Standard computer viruses already have the potential to infect a computer, enabling the virus creator to steal information from the victim’s computer or use it as part of a botnet in the future. However, antivirus software often catches and eliminates these threats based on recognized patterns. Self-mutating viruses go a step further; they have the capacity to evolve, sometimes in response to direct threats, making them notoriously difficult to detect and prevent. Fortunately, these are in the early stages of development, and haven’t had much of an impact as a cyber threat thus far.
- Biohacking. Biohacking refers to a number of different possible actions, all of which focus on identifying important people and gaining access to the biological features that make them unique. As biometrics start to become more heavily integrated, biohacking will grow in both importance and prominence, giving hackers a way to obtain fingerprints or other forms of personal information to gain access to systems.
- BYOD manipulation. Thanks to the rise of mobile devices, many businesses have now adopted a bring-your-own-device (BYOD) policy, allowing and sometimes mandating that individual users bring their personal devices to the centralized workplace. For cyber criminals, this represents a wealth of opportunities; all it takes is one breached device on a shared network to bring the entire system down.
These are some of the ways financial institutions are protecting themselves:
- Biometrics. Biometrics are a branch of security standards that rely on personal information, such as fingerprints, speech patterns, or even the shape of your ears, to authenticate identity. There are still a number of kinks to work out – such as how biometrics change with growth or significant life events – but if perfected, it could make it nearly impossible for thieves to replicate this information on their own.
- Quantum cryptography. Typical encryptions use a “key,” which is usually randomly generated, to encode information that can only be decoded by authorized devices and programs, at least in theory. Dedicated hackers could uncover the key and use it to translate messages, with enough effort. However, quantum cryptography takes encryption to the next level, relying on the wave function of elementary particles and quantum physics to encode information in a way that is basically unhackable. The technology isn’t foolproof yet, but someday, it could encrypt information with absolute certainty.
- Blockchain. Blockchain, the technology used to power the crypto-currency Bitcoin, is already starting to be used in the financial industry. It relies on a peer-reviewed open ledger to record and remember transactions, making it nearly impossible to record fraudulent transactions or “steal” from other participants in the chain. It’s a technology still in its infancy, but it has massive disruptive potential.
It’s hard to chart an exact course for the development of technology, as cybercriminals are always looking for surprising new angles, developers are working on projects in secret, and all it takes is one new revelation to force changes on both sides. Still, the world of financial cyber security will be interesting to watch in the coming years.
Anna Johannson, Writer
[ISACA Now Blog]