During the past few years, we have witnessed a steady rise of cyber-security incidents against infrastructures of the financial sector, such as phishing, ransomware and DDoS (Distributed Denial of Service) attacks . These incidents include notorious attacks, which have resulted in significant economic damage, while decreasing trust in financial institutions and questioning their social value. As a prominent example, the fraudulent SWIFT transactions cyber-attack back in February 2016 resulted in $81 million being stolen from the Bangladesh Central Bank. Recently, the famous “Wannacry” ransomware attacked financial institutions (among several organizations in other sectors) and reaffirmed that the financial services industry is a primary target for cyber criminals . These incidents provide evidence of the vulnerabilities of the cybersecurity infrastructures of financial organizations, which persist despite increased investments in cybersecurity.
Beyond the need to increase thei cyber-resilience in a complex technology and regulatory landscape, financial organizations must also address physical security challenges and their interplay with cyber-security. Financial organizations need to invest heavily on physical security measures as a result of the rise of traditional physical attacks (e.g., robberies, burglaries and larcenies) and the increase in the number of attacks against networks and data centers. Moreover, there is a rising importance and criticality of physical assets (e.g., buildings and data centers) for financial organizations, given the reduction of the number of property assets that they own. For example, as the number of head offices is reduced, their business criticality is heavily increased, which requires their protection from physical attacks based on technologies such as CCTV (Closed Circuit Television), intelligent visual surveillance, security lighting, alarms, access control systems and biometric authentication. Although these technologies help reduce the required human effort and related costs, they are still not effective for handling complex asymmetric attacks.
The increased reliance of physical security on ICT-based technologies can enable a close affiliation between physical and cybersecurity measures, including threat identification and mitigation. Even though this could be very useful towards assessing financial security risks and their implications in a holistic way, this relation is poorly explored, as cyber-security and physical security systems remain disaggregated and operate independently of each other.
Recent advances in ICT and security technologies could alleviate these concerns, through facilitating the deployment of sophisticated and intelligent security solutions, which consider cyber-threat and physical security vulnerabilities at the same time. In particular, they can enable the integration of measures and technologies for cyber and physical security, but also more dynamic approaches that emphasize prediction of security incidents and risks, as means of activating vulnerability assessment and risk mitigation techniques in the right context. New security techniques should be also blended in the new regulatory environment, in order to boost financial institutions compliance to laws and regulations