The pandemic triggered huge changes within the financial services market. One of the most significant is a greater reliance on digital channels. But accompanying this shift to digital finance has been an increase in online fraud and cybersecurity attacks.
One of the biggest threats across all industries originates with the supply chain. We now see reports of high-profile attacks on an almost daily basis – 2021’s SolarWinds attack being one of the most far-reaching.
Supply chains can relate to almost any aspect of any technology, third-party organisation or partner, including its processes, resilience, overall security and employees. Third-party suppliers can often be smaller and less resourced than the big organisations they supply, and they may not have strict usage policies governing how they connect to your organisation.
It can, therefore, be a mammoth task for any IT department to successfully secure every aspect of the supply chain. But if you can’t trust your partners then who can you trust? And even if you don’t trust them, how do you interact with them and assess their security?
Banks and other financial institutions are often the first to experience new types of attacks – and not just via the supply chain, but also through traditional threats such as DDoS, business email compromise, nation-state espionage, data breaches and the growing threat of ransomware.
Yet in the past, security within partners and supply chains was seen as someone else’s problem. But this can no longer be the case. With the potentially devastating impact of a cyberattack now in every security team’s mind, ensuring a proactive approach to cybersecurity is a priority.
Supply chain risks
The ‘Finance Sector and Supply Chain Risk’ white paper by Sophos explains the different elements that make up the expanded threat surface. These elements encompass:
- the tech and dev supply chain
- the vulnerability (and patching) boom
- Open Banking APIs and fintech
- mobile banking apps
- nation-state attacks
- working from home
- exposure to breaches at partners
- the customer
- legacy patching
The report also features a perspective from Morgan Stanley, which identifies not only the supply chain threat but also that of credential theft and exploitation, the impact of pandemic working on security, and the rising danger of nation-state attacks against banks.
Additionally, it offers a case study on how best to secure buy-in from the board when it comes to cybersecurity, and how a demonstration of pen testing can be a powerful weapon in building your argument.
Importantly too, the white paper provides recommendations and advice to help you manage and secure your supply chain ecosystem.