Financial services institutions must ensure security is being embedded at every level of the organisation to keep cyber attacks at bay, says security consultant Aleron.
Speaking to InvestorDaily, Aleron director Mark Wroniak said banks were ahead of other sectors when it came to cyber security but needed to identify blind spots in their systems.
“Security is something that should be fundamental, as far as any sort of application, product technology implementation is concerned,” Mr Wroniak said.
“From a financial services perspective, they’re always going to be a target as we’ve seen so far, wherever there’s money there’s cyber criminals or criminal-type activities.”
The financial services industry is likely be a focus of attacks from cyber criminals, and IT teams must have plans in place to counter them accordingly, he said.
Although the pace of technological developments was moving quickly, cyber security was not being prioritised among the rush to innovate.
“Because of the cost involved and the time constraints, sometimes people feel that it might stifle innovation,” Mr Wroniak told InvestorDaily.
“So [security] is not always put in every single place.”
Furthermore, as more and more financial institutions were providing online platforms for customers, badly written code was an entry point for cyber criminals to attack.
“One of the big ways that people do get attacked is via badly coded applications. A thing that’s been written badly or structured badly, they find there are gaps in them,” Mr Wroniak said.
An issue for big banks in particular was the fragmented way in which different parts of code were being written by different developers, according to Mr Wroniak.
“There are huge things that need to be looked at as far as things are being written and coded by a lot of different people and a lot of different places to make sure that everything is secured to protect what you’re trying to protect,” he said.
“People who are coding things need to always have security in the forefront of their minds.”
Cyber security has so far not been a high priority for many organisations, Mr Wroniak suggested.
“Traditionally, security in general just hasn’t been up at the big people’s table, it’s kind of been at the little kid’s table,” he said.
“It really needs to come out now and stand with all the other areas as a valuable part of a company to deliver to their customers.”
Customers were concerned about the trustworthiness of a financial institution, Mr Wroniak argued.
“People want to go with people or companies that they trust.
“And security is a really big part of that nowadays.”
A coalition of Australian financial services providers, insurers and scientists has rolled out new standards for physical risk assessment fr...