“If they [aren’t] already, [financial services] CTOs and CIOs should be losing sleep about cyber extortion and company data being held for ransom,” he says. “CNN reports that ransomware events are expected to collect $1 billion in 2016, with researchers seeing a 3,500 percent increase in the criminal use of net infrastructure to run ransomware campaigns. It's not a matter of if a company will get hacked, it's when,” he says.
To combat cyber ransom threats, financial services CTOs and CIOs need to “understand the current threat landscape and potential attack vectors,” says Herberger. And they “should be taking preventive action to ensure all data is safe, secure and backed up,” says Packer. “It's literally a matter of business life or death.”
5. Aging IT infrastructures and IT spending cuts
“Many [financial services] organizations continue to rely on IT infrastructures that are built on outdated components and are running with vulnerabilities,” says Joseph Pagano, practice advisor, Financial Services, Cisco Digital Transformation Group. The challenge for financial services CIOs and CTOs is to “figure out how to update and proactively maintain infrastructures in order to mitigate security risks and keep adversaries at bay during a time when boards of directors are asking IT to further cut budgets to help meet ROE targets,” he says. “How can CIOs help their firms save money while enhancing operational risk management and cybersecurity capabilities?”
“Companies have invested heavily in advanced technology, from firewalls to SIEM tools, but they’re often forced to prune data due to cost and scalability limitations of tools,” says Don Brown, cofounder & CIO, Rocana. “That means they often can’t shed light on events that happened months ago, putting them at risk of attacks that lay dormant for weeks or months. To sleep well at night, IT leaders need… solutions that allow them to collect all data from all sources and keep it accessible and searchable in real-time for advanced forensics.”
6. Compliance with government and industry regulations
Companies operating in the financial services sector must comply with a host of government and industry regulations. And adhering to these regulations, as well as keeping abreast of new regulations, often falls to the CTO or CIO.
“The Bank Secrecy Act (BSA) and anti-money laundering compliance [in particular] has taken a toll on CIOs and CTOs for years,” says Larry Larmeu, managing director, L2 Digital. “Banks have to comb through transactions for possible fraud and report them to the federal government. Some banks have over 1,000 employees dedicated to this alone,” he reports. “New data analytics capabilities are lessening the burden for some banks, but some have legacy systems that are difficult to integrate with these big data processing platforms.”