Industry Experts Urge Enhanced Focus on Third-Party Risk Management in Financial Services
Cybercriminals, frustrated by the fortified defenses of financial institutions, are increasingly targeting weaker third-party entities, such as cloud services and data storage providers, to access valuable financial data. This trend was highlighted during a financial services summit hosted by Information Security Media Group (ISMG) in New York City, where industry experts voiced concerns about escalating vendor-related risks.
Experts emphasized that the recent surge in third-party data breaches serves as a catalyst for financial organizations to implement comprehensive risk management protocols that account for both third- and fourth-party vendors. Eric Boateng, Chief Information Security Officer of MassMutual, noted during a keynote address that “every time you hear about a data breach, it’s linked to a third party crucial to business operations.”
Boateng further explained that the COVID-19 pandemic has significantly widened the attack surface for organizations, as remote work and cloud dependencies have become fundamental components of business operations. This evolution necessitates a shift from traditional risk management techniques to a more proactive and layered defense strategy.
“Attackers recognize that many third parties aren’t strengthening their controls sufficiently, and they will continue to exploit these vulnerabilities,” Boateng added. The extensive use of third-party services across the financial sector has also been fueled by the rise in remote work, as businesses allow employees to connect through a growing array of devices.
Erika Dean, Chief Security Officer at Robinhood Markets, highlighted the dual role of personnel as valuable assets and potential vulnerabilities. She stated that in an environment heavily reliant on third-party services, CISOs must evaluate not only the cybersecurity measures of vendors but also the remote work practices and internal security policies that govern their organizations.
Human error continues to be a significant factor in cyber incidents, with data from Joanna Huisman, Senior Vice President of Strategic Insights and Research at KnowBe4, indicating that mistakes like credential theft, social engineering, and misuse of privileges account for 68% of attacks. However, Huisman pointed out that properly informed employees could enhance organizational resilience against cyber threats through improved access to security awareness resources.
The full-day summit gathered experts from government, finance, and technology sectors, including representatives from the Treasury Department and the FBI, as well as leaders from Google Cloud Security, to discuss strategies for combating the rising tide of cyber threats. Sessions included discussions on protecting digital identities and countering account takeovers in the financial sector, with insights from Anthony Scarola of Apple Bank and Carlos Suarez of Helaba.
In a panel focused on current trends in payment fraud, industry experts addressed issues like synthetic identity theft and sophisticated social engineering tactics, emphasizing the need for robust identity management frameworks to combat these emerging threats.