
Cyber Security Risks: Small – Midsized Financial Services Firms

Date posted: 29th May 2015

The cyber security risk is real and the cost is real. Cyber crime and lack of focus are costing financial services firms money and trust. Over the past few years, some of the largest financial services firms in the world, including Citigroup and JP Morgan Chase, have been the victims of cyber attacks. These attacks have caused billions in direct losses due to platform outages, lost customer data and compliance penalties. On top of that, there are immeasurable impacts to customer trust, negative PR and brand association.

If the hackers are hitting only the top banks, do I need to worry?

Yes, you do. Well-publicized, major data breach incidents such as those that occurred at Citigroup and JP Morgan Chase are only part of the problem. Small and midsized financial services firms should also be prepared for the growing security threats popping up every day.

It’s not only hackers!

Current and former employees, contractors, suppliers and others whom you knowingly let into your systems can also leak data. In fact, according to recent research by PwC, over 70% of incidents in the financial services industry originate from a source that did not “hack” into the network from the outside.

In the past year, over 60% of SME-sized financial services firms have experienced at least one incident. Over 20% of firms in the space have seen over 10!

The impacts range from stolen customer and employee data to rogue trades and breached proprietary business information.


  • Direct costs

PwC research found that 80% of incidents cost financial services firms at least $50,000 in direct expense.

  • Trust

Your customers and employees trust you with sensitive data. A single incident can irrevocably remove that trust overnight, causing funds to be pulled, which for a smaller firm can be deadly.

  • Compliance

Since the 2008-2009 financial crisis, regulatory and compliance policies have increased in the United States. The U.S. Commodity Futures Trading Commission (CFTC) and Securities and Exchange Commission (SEC) have policies in place to fine or bar trading desks that do not meet compliance standards for cyber security.

What can be done? The Netfast Approach to Cyber Security for Financial Services

Our consultative, business-first approach allows us to provide vendor-agnostic solutions that improve business agility, reduce security risk and improve profitability. Netfast partners closely with firms such as Palo Alto Networks, Barracuda, and Symantec to help provide best-in-class solutions for our customers. We work with you as a trusted advisor every step of the way to understand threats, find holes and secure your environment.

Our Cyber Security consulting process starts with a network and infrastructure vulnerability assessment.

  • Vulnerability Assessment Process
    • We define and classify all network and system resources
    • We then assign each a risk and an importance to business-critical processes
    • We analyze and identify potential threats to each resource
    • We work with you to develop a strategy to address the highest ranked risks first
    • We also define and implement processes to minimize the consequences if an attack is attempted
    • We will also work to provide certification and government boards with the appropriate disclosure if needed. For financial services firms specifically, this may include:
      • Computer Emergency Readiness Team (CERT)
      • Securities and Exchange Commission (SEC)
      • Commodity Futures Trading Commission (CFTC)

Our certified engineers will work with you every step of the way to identify the risk, understand the threat and resolve problems before they become the next major news story.

Our second step is Penetration Testing

Penetration testing is designed to replicate the actions of a hacker by actively attempting to hack a system. The intended goal is to hire a good-guy hacker to breach the network before a bad guy gets in.

There are three main areas of penetration testing:

  • Social Engineering: As PwC’s research proved, humans, specifically employees, cause most security issues in a business environment. Processes and procedures are put in place by IT to mitigate this risk, but who is checking to make sure they are followed? Our good-guy hacker will use tactics such as phone and email to find process flaws that may reveal sensitive data.
  • Application Testing: using software and applications to scan the network and find probable holes. This includes SQL injection and bots, amongst other channels.
  • Physical Penetration Testing: testing the physical security of facilities that house sensitive information and devices.

After the three areas are complete, your Netfast consultant will provide a detailed report that will outline threats found and resolution suggestions. They will then work with our engineering services team and our best-in-class partners to implement remediation if needed.

In conclusion, the threat gets worse each day and the risks to business are huge. Financial services firms such as yours are in business to make money and retain profit; so are hackers. Let Netfast come in today to analyze your environment and solve problems before they become tonight’s news.

About Netfast Technology Solutions
Netfast is paving the way for the next generation of IT innovation.  We are disrupting the industry with an IT automation platform providing a vendor agnostic approach to solving complex business challenges.  Netfast executes and delivers consultative IT solutions with a core mission of improving business agility and profitability for our customers.

Netfast Technology Solutions – 989 Avenue of the Americas, 4th Floor New York NY 10018

Data Source: The Global State of Information Security Survey 2015

Data originally posted by PwC on May 25, 2015