Financial Services Companies Struggle With The Work from Home Digital Perimeter With Serious Cyber Attacks on the Rise

Share

When pandemic lockdowns turned many jobs into work-from-home almost overnight, some industries experienced relatively seamless transitions; however, the banking industry was not one of them. These institutions were forced to pivot from traditional office environments, but the switch to remote working came with an abundance of challenges, the most serious being cybersecurity.

With risk and vulnerability accentuated during the pandemic, fraudulent activity and cybersecurity attacks are on the rise across all industries, but for financial services, the risks are even greater. Financial employees deal with highly sensitive transactional and confidential information on a daily basis, and those working from home are more vulnerable to phishing and other technology breaches.

“As cyber-attacks occur around the globe at an alarming rate, many criminals continue to set their sights on banks and credit unions as the grand prize,” said Chris Swan, CRO from Dispersive, a company that provides accelerated, private, and secure virtual networking for cloud, branch, mobile device and embedded IoT. “Leaders must prepare for the industry’s “next normal,” which will likely entail many employees continuing to work from home to some degree even after the pandemic has subsided.”

In total, attacks against the financial sector increased 238% globally from the beginning of February to the end of April, with ransomware attacks growing ninefold within the same period. The increase in people working from home is the cause for this, as financial firms’ digital perimeters are weakened by the myriad of access points a cyber attacker has when a company’s employees are spread out, working from home on their own personal systems and devices.

Without the luxury of an office system supplied firewall or blacklisted IP address, there are numerous cybersecurity shortcomings that could plague your employees, such as failing to change the default password on their home router, neglecting to block guest access, not encrypting their home networks, and using home printers for bank business, which creates security risks for those printed files.

“Business is being done over home ISPs, with unmanaged routers and printers, home automation systems in the background, and even partners and children listening in on conversations or sharing machines while working for different organizations,” said Chris Swan. “Traditional security measures that have been used daily for years can’t protect a fully remote staff without adaptation. That means we need to rethink our mindsets and approach to security right now.”

While working from home does increase cybersecurity risks, there are plenty of steps a financial firm can take to try to ensure better safety. The first thing businesses usually turn to is a virtual private network (VPN). Businesses can attempt to prevent data leaks by requiring employees at home to use a virtual private network or VPN, which creates a secure pipe between an employee’s endpoint, such as a laptop or a tablet, and the organization’s IT systems, but even then, they aren’t secure.

Despite the benefits of these private networks, there has been a rise in VPN vulnerabilities, and hackers are taking advantage of this. Too often, VPN vendors are guilty of neglecting to patch vulnerabilities within their technology. Data-sensitive industries such as financial services, government, and healthcare are common users of VPNs, and without patching discipline, they’re providing an open door for attackers to gain entrance to the networks and data.

“This isn’t new as over the years, hackers have been exploiting VPNs as the cloud becomes ubiquitous, but now with everyone working remotely, these issues touch millions of users and their data,” said Chris Swan. “More organizations are waking up to this reality and adopting VPN alternatives, like Zero Trust Network Access, which go beyond one-size-fits-all access rules and provide greater network segmentation.”

Zero Trust Network Access (ZTNA) is a category of technologies that provides secure remote access to applications and services based on defined access control policies. Unlike VPNs, which grant complete access to a network, ZTNA solutions default to deny, providing only the access to services the user has been explicitly granted.

This alleviates common VPN-related challenges where BYOD remote users are granted the same level of access as users at a corporate office, despite the fact that they often have fewer security controls in place. Some agent-based ZTNA solutions provide a pre-authentication trust assessment of the connecting user and device, including device posture, authentication status, and user location.

And with the world becoming more digital with every passing day and the work from home model showing no signs of disappearing once the pandemic does, Chris Swan states that ZTNA solutions, such as Dispersive’s Virtual Network (DVN), will become essential to any financial firm that wants to keep up with the ever-evolving world of cyber threats.

“A zero-trust network approach recognizes that trust is a vulnerability in the work-from-home model,” said Chris Swan. “With Zero Trust Network Access, organizations can be entirely confident that their data, critical applications, and infrastructure are secure, without the expensive orchestration, maintenance or hardware of legacy solutions.”