How Does FIDO Help Protect Financial Services Institutions?
In a world where money is the main motive behind data breaches, and there are plenty of them, there is an industry where the stakes are the highest: financial services. Facing increased security risks and regulations, financial services institutions are 300 times more likely to be hit by a cyberattack than other sectors.
Intricate internal networks, complex financial platforms, sensitive information and customer data accessed through employee credentials: the list of assets at risk for financial organizations when it comes to cyber-attacks is endless. Protecting customers from fraud, phishing and scams is one thing, but securing internal networks and resources that have access to a whole world of internal and external data is another. This is why it is critical to protect from the inside and deploy strong authentication methods within our financial workforces.
A High Target Industry With High Rewards for Hackers
The average cost of a cybersecurity attack in financial services is $18.5 million, which is higher than any other vertical. It is not just about potential financial catastrophes. Financial services are all about trust. Financial services organizations must continually win over their customers, secure their environments and innovate faster to stay competitive. Consequently, a seemingly small data vulnerability can destroy the reputation of financial service institutions and harm the critically important retention of customers – not to mention creating highly damaging legal implications and fees.
This highly targeted industry leaves no room for financial institutions to fall victim to outdated and insecure authentication methods. Between February and April of 2020, the world saw a 238 percent increase in cybersecurity attacks against financial services, and with the remote workforce now as widespread as we could ever have imagined, it is a necessity to ensure secure access for our entire financial workforces from anywhere in the world.
How Can Banks and Financial Institutes Prevent Cyberattacks?
By now, we are all aware that usernames and passwords no longer suffice when it comes to workforce authentication – especially within an industry as valuable as financial services. Forty-two percent of breaches are still due to a user password compromise, and while many financial institutions have likely moved beyond this to 2FA or multi-factor authentication (MFA), the issue is deploying a solution that covers every single identity, network, application or piece of information. MFA is most likely to be implemented predominantly for high-risk use cases, resulting in disconnected tools, siloed systems and decentralized user populations and credentials. In an environment so frequently under attack, financial institutions’ authentication processes must follow a Zero Trust model – always with an eye to implementing solutions that adapt to changing security standards and technologies.
While it may seem overwhelming to close every single gap and build a Zero Trust model, it doesn’t have to be as complex as you may think. Now is the time to pull back and take a centralized and uniform approach to MFA that incorporates the highest levels of security in harmony with intuitive user experiences. Implementing highly secure and simple passwordless workforce access is the way forward, and that is where the use of FIDO technology comes in.
What Has FIDO Got to Do With It?
The FIDO standard is an open security protocol known for being difficult to intercept during authentication, and it is consequently the basis for various MFA credential options such as SMS-based and mobile-app-based authentication as well as hardware-based credentials like smart cards and USB security keys. The vision of FIDO is to get rid of passwords and the burden of both managing and remembering them – for users and admins alike. FIDO-enabled devices allow workforces to authenticate without the need for an additional software middleman, by communicating directly with the application users are seeking access to. This open standard provides a single, more secure authentication step using public key cryptography – single gesture, possession-based and phishing resistant.
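The origin-bound public-key check behind the phishing resistance described above, as an added example (not code from HID or the FIDO Alliance): a simplified Node.js model of a WebAuthn-style assertion and the relying party's verification. The domains `bank.example` and `bank-login.example`, the function names and all sample values are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator + browser side (simplified model). The browser, not the page,
// fills in the origin it actually loaded, and that origin is covered by the signature.
function authenticatorSign(privateKey, rpId, browserOrigin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: browserOrigin,
  }));
  // authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: returns 'ok' or the first check that failed.
function verifyAssertion(publicKey, expected, a) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  // Constructed sample: one P-256 credential registered with bank.example.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { rpId: 'bank.example', origin: 'https://bank.example', challenge: crypto.randomBytes(32) };
  const genuine = authenticatorSign(privateKey, expected.rpId, expected.origin, expected.challenge);
  // Same challenge answered on a look-alike origin: the signed origin gives it away.
  const relayed = authenticatorSign(privateKey, 'bank-login.example', 'https://bank-login.example', expected.challenge);
  // Relayed response edited afterwards to name the real site: signature no longer matches.
  const rewritten = {
    ...relayed,
    authenticatorData: genuine.authenticatorData,
    clientDataJSON: Buffer.from(relayed.clientDataJSON.toString().replace('bank-login.example', 'bank.example')),
  };
  return {
    genuine: verifyAssertion(publicKey, expected, genuine),
    relayed: verifyAssertion(publicKey, expected, relayed),
    rewritten: verifyAssertion(publicKey, expected, rewritten),
    // An old, valid response checked against a fresh challenge is rejected as a replay.
    replayed: verifyAssertion(publicKey, { ...expected, challenge: crypto.randomBytes(32) }, genuine),
  };
}
```

A real authenticator also scopes each key to its rpId, so it would not offer the bank credential to the look-alike site at all; the model reuses one key to show that the server-side checks reject the response even then.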
FIDO in Financial Services
With security being at the heart of financial services, FIDO is an important concept that has the aim of continuously strengthening the security of the industry as a whole. As such, 20 percent of FIDO Alliance board members are financial institutions who contribute to the ongoing journey to passwordless authentication.
Financial institutions are complex in nature, resembling an “onion” of countless layers, usernames and passwords that need to be remembered and managed. This makes for an extremely tricky job with many layers for hackers to compromise. Moving away from these clunky usernames and passwords on a widespread basis, by enabling employees to simply tap or insert a FIDO-enabled device at their workstation, facilitates a frictionless user experience with little room for error – protecting data and blocking the front door of your organization.
In an industry where protecting customer data and employee access is vital, it also pays to be utilizing FIDO technology that ensures you are complying with regulations such as PCI and SOC2. Aside from the FIDO standard playing a key role in the protection of your internal resources, having FIDO standards behind remote users accessing networks and VPN ensures compliance is met from every corner of the world.
Going Passwordless With FIDO Enabled Devices
Deploying passwordless FIDO-enabled devices in your financial institution does not have to result in another burden of investment that adds to pre-existing access processes and convoluted cyber systems. FIDO2-enabled, Microsoft-compatible devices such as HID’s Crescendo® 2300 smartcard or USB key can deliver versatility and security across all areas of your organization, as well as:
- Secure access to: Windows log-on, cloud and desktop applications, IT networks and systems, email encryption and digital signatures
- Choose between: Various communication interfaces (USB-A, USB-C, NFC, CCID Smart Card) and form factors (cards or USB keys) that best suit your environment
- Converged access: Access both facilities and IT resources with the convenience of a single corporate badge, while leveraging your current Physical Access Control Systems (PACS) infrastructure
- A complete solution: Manage your entire authentication solution from one vendor
It's Not Just About the Credentials
It’s about the whole ecosystem, too. While FIDO enabled devices facilitate a secure and easy authentication process for financial workforces, it is even more efficient to centrally manage these devices and credentials. Financial institutions benefit from solutions that satisfy the needs of various business units, so that they don’t need to individually manage multiple financial platforms such as FIS, Q2, Jack Henry, Kony and even additional platforms within these.
Authentication for the Entire Lifecycle
HID’s authentication solutions have you covered across the entire lifecycle and provide a whole world of authentication possibilities so that you can deploy versatile, multi-use credentials across all areas of your financial organization. HID’s FIDO2-enabled devices can be configured to be part of a contextual, risk-based security posture with software such as DigitalPersona™ that works with your organization’s specific security requirements and steps up when you need it the most.
When it comes to flexible management, FIDO2 enabled Crescendo 2300 devices can be easily managed and configured via a single point such as WorkforceID Digital Credential Manager. Implementing an authentication ecosystem not only helps to streamline the process, but also facilitates the use of FIDO technology to reap the most security and benefits from your investments.
MFA is no “one size fits all” approach and HID’s authentication portfolio provides the ability to put together a custom authentication solution for your financial organization. Moreover, we offer solutions that grow with the financial marketplace and regulations, ensuring that products are a future-proofed investment to carry on securing critical workforce access.
Bob Crumpley is the IAM Director of Strategic Sales for HID Global, the leader in trusted identities. He has over 20 years of experience in the IT and security software industry. Bob has been with HID Global for three years specializing in the banking and finance markets.