While rolling out a hybrid working model has several advantages, from access to a wider pool of talent to a better work-life balance for employees, remote working can also act as a gateway for increasingly sophisticated cybercriminals plotting attacks on financial institutions.
As employees share data across different locations and work on a range of personal devices, addressing data privacy risk is high on the agenda for most financial services institutions (FSIs). As the cost-of-living crisis intensifies, criminals are adapting their methods to take advantage of nationwide economic hardship, meaning employees are at greater risk of clicking on the wrong link, accidentally sharing important data, or actively engaging in insider fraud.
Lorenzo Grillo, Managing Director of Alvarez & Marsal's Disputes and Investigations practice in London, recently joined FSTech's 'Cybersecurity Live' panel of industry-leading experts to discuss how remote working and the cost-of-living crisis are impacting the cyber risk landscape. The main takeaways of the session are summarised below:
FSIs reacted well but still have a way to go
Financial institutions have been grappling with new problems in the cyber space since the outset of the pandemic, as the industry began implementing more of a hybrid working model.
Working from home has become a gateway to new forms of data theft, especially as the new working model established itself in parallel with the increased reliance on public cloud and 'software as a service' (SaaS) applications.
FSIs were certainly among the best prepared, owing to the demanding security regulatory requirements they typically face, but even so the pace has varied: some more structured financial institutions immediately adjusted their cyber security strategy to cover the new threats related to hybrid working (e.g. mandatory use of VPNs, third party risk management, USB stick bans). Others prioritised service availability over security requirements, showing there is not yet uniformity across the board.
Health-related crisis events such as the pandemic were not previously included as a scenario in business continuity plans, and many FSIs have begun to redefine their cyber resilience plans, with remote working becoming an important element of that review.
The cost-of-living crisis presents a danger
As the cost-of-living crisis intensifies this winter, rising inflation and economic hardship will have an impact on cyber risk for FSIs that use a hybrid working model.
The fear of not having enough money to cover necessities could lead a person to take on an "easy" money-making opportunity, lured by financial cybercrime groups which "hire" individuals for specific roles. For example, an IT specialist could be hired to develop malware, or an IT manager to attack the servers they administer. With the ability to work remotely from home already in place, taking on an extra task like this would be considerably easier and more likely to fly under the radar.
The potential availability of a qualified workforce lowers costs for cybercriminals and consequently increases the volume of cyber-attacks, of which FSIs are a primary target. Where employees handle IP or trade secrets, economic difficulties could also spur insider theft or insider trading. FSIs should reinforce their policies, processes, technologies and monitoring to ensure increased protection of their critical data, sometimes referred to as the "crown jewels".
Employees are a key defence
It is key for financial services firms to monitor data privacy without breaching employee trust or hindering employee workflows.
This starts with a clear and applicable security policy that informs employees of the monitoring the company carries out, and the reasons for it. Ensuring employees are aware that they form part of the "crown jewels" protection allows a trusted relationship to be built and maintained. Clarifying the acceptable uses of corporate mobile devices, or having a clear and consistently applied bring-your-own-device policy, is one example of a measure that helps maintain a good level of trust.
Employees should also be involved in simulated data breach incidents, coupled with mandatory data privacy training, as employees are typically unaware of what happens in a breach until one occurs. This raises awareness of the controls and protections to be applied to data, while also showing the employee the chain of actions in the event of a data breach incident, from response and recovery through to the forensic stage.
Technology and strategy are crucial
Cybercriminals are now capitalising on the increasingly interconnected financial system and turning to so-called "island hopping" attacks to reach their targets. An island hopping attack is a campaign that compromises an organisation's less well-defended third parties (suppliers, service providers, partners with network or data access) and uses that trusted relationship to get past the target company's own defences and into its network, instead of attacking a well-defended target directly.
The cyber strategy should focus on ensuring digital operational resilience, including across the supply chain. From a technical perspective, it will be important to increase the ability to detect critical attacks by enhancing automation and orchestration. A zero-trust environment should be considered to reinforce data security, user authentication, encryption, logging and auditing.
A&M: Leadership. Action. Results.
A&M's Cyber Risk Services practice helps executive leadership decipher the black box of cybersecurity and confidently make better informed cybersecurity decisions through sound risk management principles. A&M brings a deep operational heritage and hands-on approach to delivering cybersecurity solutions that create sustainable operational, regulatory and financial results. Our teams of senior professionals are uniquely qualified with regulatory and industry experience to address the demands of organizations and to manage cyber and operational risks in a comprehensive manner. A&M's approach focuses on providing foundational solutions that mitigate risk and ensure appropriate levels of capital reserves while maximizing operational effectiveness.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.