With an always on, always engaged mobile and connected consumer, what are the security implications for consumers and their financial institutions?
According to Bryan Sartin, director of the RISK Team at Verizon Enterprise Solutions, when it comes to financial institutions such as retail banks and wealth management firms, there’s variability in the threat profile.
"You are not only dealing with financially motivated crimes, but also activists, hacktivist groups and cyberespionage. Each requires a unique security approach and recipe for success."
A self- described “cyber mortician”, Sartin spends a fair amount of time investigating security failures at enterprises across industries.
He says that consumerization is driving many changes when it comes to security particularly in many of the password and credential-related breaches which have been reported.
"Managing their identities online, whether on e-mail, social media or their online banking platform, is something that consumers seem to be terrible at doing."
Consider the fact that:
- People tend to use the same usernames and passwords universally across platforms.
- Two out of three security breaches that leads to the theft of information exploits weak, default or easily guessable passwords.
"We are rapidly getting to a point where perceived weaknesses in humans are becoming easier to exploit for the purposes of gaining a foothold into an enterprise and stealing information that can be used in order to gain access into another enterprise. And that worries me."
According to the Verizon 2014 Data Breach Investigations Report, in 2009 phishing ranked #14 in terms of the threat actions observed. In the last five years, phishing has become far more pervasive ranking in the top 10 in 2011 and shooting up to the #3 spot of threat actions observed in 2013.
What's the bottom line for retail banks and wealth managers?
Sartin says that helping consumers maintain "good security hygiene" when it comes to managing their online identities will be a key focus and responsibility for financial institutions to drive moving forward.
Watch Sartin's take on the consumerization of IT and the implications for financial institutions below.