NCSAM 2018

This October marks the 15th annual National Cybersecurity Awareness (NCSAM) month. The need to better protect our nation’s critical infrastructure – otherwise known as the vast, worldwide connection of computers, data, and websites supporting our everyday lives, has never been at a more critical junction. With the volume and velocity of today’s data breaches, it’s more important than ever for individuals and businesses to proactively address the exposure of personal and confidential information.

There are 16 critical infrastructure sectors whose systems are considered so vital to the U.S. that their incapacitation would have a devastating effect on national economic security. Financial Services represents an essential component, and the increasing sophistication of cyber attacks demonstrates a huge risk facing the sector.

A Look Back: Identity Crime in 2017

There were 79.1 million identity crime victims in the U.S. alone in 2017 — an astonishing two new victims every second. That means nearly a quarter of the population was impacted by identity theft, fraud or a data breach. And who can forget the Equifax mega breach, which affected nearly 148 million U.S. consumers?

The number of data breaches tracked in 2017 topped 1,579 — exposing more than 178 million sensitive records. Of those 178 million sensitive records, the Equifax mega breach leaked 145.5 million Social Security numbers.

What happens next? This compromised Personally Identifying Information (PII) often makes its way to the Dark Web. Once it’s there, it can be dumped, bought and sold by cybercriminals indefinitely, resulting in endless opportunities for fraud.

Cybercrime in the Financial Services Sector

The financial services sector incurred an estimated cost of $18.28 million due to cybercrime in 2017 — significantly higher than the $11.7 million average cost among other industries.

A significant driver of this cost is the vulnerability of financial consumers due to the increased number of devices they use for online account access. Javelin Strategy & Research projects that more than 8 in 10 American adults will bank primarily on their computers, smartphones, and other devices by 2022.

Additionally, financial institutions face an average of 85 targeted data breach attempts annually. Roughly one-third of those attempts are successful.

Security Matters for Your Account Holders

While consumers can take proactive measures to safeguard their own activities, it’s a natural progression to search for more comprehensive protection from an already established, trusted relationship.

Financial institutions are a preferred identity protection provider. They garner higher levels of service retention than direct-to-consumer and post-breach protection providers. In fact, three in five account holders report that they trust their financial institution to keep them safe in the event of identity theft or fraud.

In other words, your account holders need stewards that will help safeguard their identity — and they look to you.

Invest in Financial Health

Lightweight identity protection services that focus only on credit monitoring and restoration offer few opportunities for engagement and leave dangerous blind spots in your organization’s cybersecurity plan.

The widespread impact of cybercrime requires today’s organizations to be dynamic and thorough by taking a full circle approach to their cybersecurity initiatives. In other words, financial leaders must take a proactive approach by providing targeted, full-featured identity protection offerings to their account holders.

Here’s what needs to be done:

  1. Monitoring for the latest breaches through information sharing and third-party providers who actively track breach events
  2. Providing internet monitoring services that scan for account holders’ PII on black market websites
  3. Including methods to isolate attacks while in-progress, detect compromises faster, and deploy restoration initiatives in the event of an attack
  4. Ensuring vendors uphold high-security standards and regularly train employees to prevent and detect cyber threats