How is the financial industry accelerating the implementation of Zero Trust?

In today’s era of rapidly developing digital finance, incidents such as data breaches, ransomware attacks, and account takeovers are occurring with alarming frequency, posing unprecedented cybersecurity challenges for the financial sector. Faced with cross-border compliance issues and increasingly diverse threats, the traditional 'perimeter-based defense' model is no longer sufficient. Following the release of the Zero Trust Implementation Guidelines by the Financial Supervisory Commission (FSC) last year, this year the FSC has gone further by promoting the Financial Cloud Security Monitoring Standards, establishing new security benchmarks for the industry. According to iThome, cybersecurity investment in the financial sector grew by 11.2% in 2024 compared to the previous year, with nearly 40% of institutions beginning to invest in Zero Trust identity and device authentication. Zero Trust is rapidly becoming a core strategy for financial institutions worldwide to strengthen cybersecurity.

Why does the financial industry need to adopt a Zero Trust architecture?

The cybersecurity risks currently facing the financial industry can largely be divided into two dimensions. First, with the widespread adoption of digital office and remote collaboration models, along with the industry's increasingly close interactions with multiple vendors and partners, the frequency of external collaboration and data exchange has surged. As a result, enterprise boundaries have become increasingly blurred, making it far more difficult to securely manage external members and devices. Second, the vulnerabilities within internal environments cannot be overlooked. Once a gap emerges in the enterprise's cybersecurity defenses, attackers may infiltrate the intranet. Traditional internal networks often lack strict verification and monitoring, creating a problem of 'over-trusting' authorized members and devices. This makes the internal environment the weakest link in the security defense chain.

Reassess cybersecurity policies with a zero-trust mindset

In light of the aforementioned risks and challenges, enterprises should re-examine their internal cybersecurity policies and architectural processes with a zero-trust mindset, focusing on the following three areas:

  1. Outside-in: Reduce the attack surface and increase defense depth.
  2. Inside-out: Expand the protection surface while limiting the impact of potential damage.
  3. Enhanced visibility: Continuous monitoring and verification.

The Zero Trust Maturity Model published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) organizes Zero Trust capabilities into five pillars: identity, devices, networks, applications and workloads, and data. Enterprises should gradually implement the core principles of Zero Trust across these domains, including never trusting by default, continuous verification, and least-privilege access, evolving from manual configuration to full automation, and shifting from passive security policies to proactive governance. Recommended assessment points for each pillar are as follows:

  • Identity: Two-factor authentication (2FA), dynamic attribute-based access control, etc.
  • Devices: Device health and compliance management, such as OS updates and antivirus software updates.
  • Network: End-to-end encrypted transmission, properly segmented network zones, and network connections based on the principle of least privilege.
  • Applications: Security settings for internal and external applications, adhering to the least-privilege principle.
  • Data: Encryption of sensitive data at rest, data loss prevention, and real-time monitoring of data access activities.

Enterprises can start with high-risk areas and ensure the five pillars work in coordination to build a comprehensive security strategy, continuously verifying all users, devices, applications, and access requests. This layered approach makes it harder for attackers to penetrate, helping reduce the risk of attacks and better protecting valuable corporate secrets and data.
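The assessment points above describe checks, not how they combine into a single access decision. The following is an added example, not code from the original article or from any product it mentions: a minimal policy decision point that evaluates one access request against the identity, device, network and application pillars, denies by default, and records every failed check so an analyst can see why. The attribute names, thresholds and the role-to-permission table are assumptions chosen for the demonstration.

```python
"""Minimal Zero Trust policy decision point (PDP) covering the identity,
device, network and application pillars.

Added illustration, not from the original article or any product. The
attribute names, thresholds and role table are assumptions for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Least-privilege table: which actions each role may take on each application.
# Assumed for the example; a real deployment loads this from its policy store.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "teller":   {"core-banking": {"read"}},
    "auditor":  {"core-banking": {"read"}, "audit-logs": {"read"}},
    "sysadmin": {"core-banking": {"read", "write"}, "audit-logs": {"read"}},
}
# Applications holding sensitive data: require a fresh authentication
# (continuous verification) and a low risk score.
SENSITIVE_APPS = {"core-banking", "audit-logs"}
MAX_AUTH_AGE_SENSITIVE_S = 15 * 60   # re-verify identity every 15 minutes
MAX_AV_SIGNATURE_AGE_DAYS = 3        # device pillar: current antivirus definitions
MAX_PATCH_AGE_DAYS = 30              # device pillar: OS patched recently
MAX_RISK_SCORE = 50                  # dynamic attribute: 0 = normal, 100 = hostile

@dataclass
class Subject:
    user: str
    role: str
    mfa_verified: bool
    auth_age_s: int          # seconds since the last successful authentication
    risk_score: int = 0      # derived from login anomalies (geo, time, velocity)

@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in the enterprise device inventory
    os_patch_age_days: int
    av_signature_age_days: int
    disk_encrypted: bool

@dataclass
class AccessRequest:
    subject: Subject
    device: Device
    app: str
    action: str
    tls: bool                # transport was end-to-end encrypted

@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)

def evaluate(req: AccessRequest) -> Decision:
    """Default-deny evaluation: every pillar must pass, and the reasons list
    records each failed check so the SOC can see why a request was refused."""
    reasons: List[str] = []
    s, d = req.subject, req.device

    # Identity pillar
    if not s.mfa_verified:
        reasons.append("identity: MFA not completed")
    if s.risk_score > MAX_RISK_SCORE:
        reasons.append(f"identity: risk score {s.risk_score} exceeds {MAX_RISK_SCORE}")
    if req.app in SENSITIVE_APPS and s.auth_age_s > MAX_AUTH_AGE_SENSITIVE_S:
        reasons.append("identity: authentication too old for sensitive app, re-verify")

    # Device pillar
    if not d.managed:
        reasons.append("device: not enrolled in device inventory")
    if d.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("device: OS patches older than policy allows")
    if d.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        reasons.append("device: antivirus signatures out of date")
    if not d.disk_encrypted:
        reasons.append("device: disk not encrypted")

    # Network pillar
    if not req.tls:
        reasons.append("network: transport not encrypted")

    # Application pillar: least privilege via the role table (unknown role or app => deny)
    allowed = ROLE_PERMISSIONS.get(s.role, {}).get(req.app, set())
    if req.action not in allowed:
        reasons.append(f"application: role '{s.role}' may not '{req.action}' on '{req.app}'")

    return Decision(allow=not reasons, reasons=reasons)

def demo_requests() -> Dict[str, Decision]:
    """Constructed sample requests: one compliant, one privilege overreach, one
    stale device, one stale session. Returns decisions keyed by scenario name."""
    good_dev = Device("LT-001", True, 5, 1, True)
    stale_dev = Device("LT-002", True, 60, 10, True)
    teller = Subject("alice", "teller", True, 120)
    auditor_old_session = Subject("bob", "auditor", True, 3600)   # authenticated an hour ago
    return {
        "teller_read_ok": evaluate(AccessRequest(teller, good_dev, "core-banking", "read", True)),
        "teller_write_denied": evaluate(AccessRequest(teller, good_dev, "core-banking", "write", True)),
        "stale_device_denied": evaluate(AccessRequest(teller, stale_dev, "core-banking", "read", True)),
        "auditor_reverify": evaluate(AccessRequest(auditor_old_session, good_dev, "audit-logs", "read", True)),
    }

if __name__ == "__main__":
    for name, decision in demo_requests().items():
        print(name, "ALLOW" if decision.allow else "DENY", decision.reasons)
```

Two design points matter more than the thresholds: the decision is default-deny (an unknown role or application yields an empty permission set, not an exception), and the checks do not short-circuit, so a denied request reports every failing pillar rather than only the first one found.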

Beyond Zero Trust Architecture: Four Key Focus Areas for Financial Institutions

  1. The pros and cons of AI in information security: The emergence of AI has made cyber threats and attack techniques increasingly complex, with numerous AI-driven financial fraud incidents reported in recent years. However, when applied to threat detection, automated response, and vulnerability management, AI can significantly enhance both efficiency and security for enterprises. According to iThome, in 2024, 50% of financial institutions began evaluating the feasibility of generative AI applications in finance, while actively raising employees' cybersecurity awareness when using AI.
  2. New regulations on electronic signatures and identity verification: In response to the expansion of online services, a mapping between eKYC assurance levels and business risk has been established. Electronic signatures are now legally equivalent to handwritten signatures, and if private-key data is leaked or lost, notification is mandatory.
  3. Strengthening supply chain cybersecurity and compliance risk management: Financial institutions work with numerous vendors and often face cybersecurity challenges, including a lack of information transparency, multi-layered outsourcing, and insufficient security budgets. These issues can create security gaps and hidden risks. Establishing secure data exchange mechanisms and comprehensive activity tracking is essential to ensure cybersecurity compliance and prevent supply chain data risks from impacting business operations.
  4. The post-quantum cryptography challenge: Post-quantum cryptography (PQC) refers to cryptographic algorithms that resist attacks by powerful quantum computers. Although large-scale quantum computers are still under development, the 'harvest now, decrypt later' (HNDL) threat model means enterprises must start planning for a quantum-safe future now. Financial sectors abroad, including those of the United States, Japan and Singapore, have already launched PQC migration programs.

OmniStor answers the financial industry's Zero Trust needs with 'data as the perimeter'

The ASUS OmniStor Zero Trust File Management System uses multiple layers of data security defenses to build an integrated, single data management platform for financial institutions that hold large volumes of sensitive data. Against data threats hidden inside and outside the organization, it combines security protection with audit trails, extending Zero Trust thinking to every node and meeting the core principles of least privilege and continuous verification. OmniStor covers both internal and external needs as follows:

A. Strengthened internal controls

  • Integrated member accounts and credentials to strengthen login security
  • Access permission control to ensure data never lands on local devices
  • Complete activity audit trails to meet compliance and monitoring requirements

B. Proactive external defense

  • Data security settings so that confidential data is not leaked
  • Encryption of data at rest and in transit for safer file exchange
  • Ransomware detection, with abnormal behavior terminating synchronization
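The last bullet names a detection, not a method. As an added illustration of what 'abnormal behavior terminates synchronization' can mean in practice, the following is example code written for this page; it is not OmniStor's code and says nothing about how OmniStor actually detects ransomware. It scores each client's file-sync events in fixed time windows on three behavioral indicators that ransomware produces and ordinary editing rarely does together: mass modification, a changed file extension on most touched files, and high-entropy (ciphertext-like) content. The event format, thresholds, the 'halt when at least two indicators fire' rule and the sample events are all assumptions for the demonstration.

```python
"""Behavioral ransomware detector over file-sync events.

Added illustration of 'abnormal behavior stops sync'. It is not OmniStor's
code and does not describe OmniStor's detection. Event format, thresholds
and sample data are assumptions for the demo.
"""
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

WINDOW_S = 60                  # fixed time bucket per client
MAX_MODIFIED_PER_WINDOW = 50   # more than this many uploads per window is suspicious
RENAME_RATIO_THRESHOLD = 0.5   # share of uploads whose extension changed
ENTROPY_THRESHOLD = 7.0        # bits/byte; ciphertext ~8.0, office documents ~4-6
HALT_INDICATORS = 2            # assumed rule: halt sync when >= 2 indicators fire

@dataclass
class SyncEvent:
    ts: float
    client: str
    path: str                  # path before the change
    new_path: str              # equal to path unless the file was renamed
    content_sample: bytes      # leading bytes of the uploaded version

@dataclass
class Verdict:
    client: str
    window: int
    halt_sync: bool
    indicators: List[str]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; 0.0 for empty input, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def assess_window(client: str, window: int, events: List[SyncEvent]) -> Verdict:
    """Score one client's events in one window. Each indicator is reported with
    its evidence so an analyst can judge a halt without re-reading raw events."""
    indicators: List[str] = []
    n = len(events)
    if n > MAX_MODIFIED_PER_WINDOW:
        indicators.append(f"mass modification: {n} uploads in {WINDOW_S}s")
    renamed = sum(1 for e in events if extension(e.path) != extension(e.new_path))
    if n and renamed / n >= RENAME_RATIO_THRESHOLD:
        indicators.append(f"extension changed on {renamed}/{n} files")
    high_entropy = sum(1 for e in events if shannon_entropy(e.content_sample) >= ENTROPY_THRESHOLD)
    if n and high_entropy / n >= 0.5:
        indicators.append(f"high-entropy content in {high_entropy}/{n} files")
    return Verdict(client, window, len(indicators) >= HALT_INDICATORS, indicators)

def detect(events: Iterable[SyncEvent]) -> List[Verdict]:
    """Bucket events per (client, window) and assess each bucket, in order of
    first appearance. A production deployment would stream this per client."""
    buckets: Dict[Tuple[str, int], List[SyncEvent]] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        buckets.setdefault((e.client, int(e.ts // WINDOW_S)), []).append(e)
    return [assess_window(c, w, evs) for (c, w), evs in buckets.items()]

# Constructed sample content: every byte value once gives entropy exactly 8.0,
# a stand-in for ciphertext; the text sample stands in for an office document.
CIPHERTEXT_SAMPLE = bytes(range(256))
DOC_SAMPLE = b"Quarterly risk report. Section 1: credit exposure by counterparty and sector."

def sample_events() -> List[SyncEvent]:
    """Constructed events: ws-17 edits five reports normally; ws-42 uploads 60
    renamed, ciphertext-like files within 24 seconds (ransomware-like)."""
    normal = [SyncEvent(1000 + i * 3, "ws-17", f"/finance/report{i}.docx",
                        f"/finance/report{i}.docx", DOC_SAMPLE) for i in range(5)]
    infected = [SyncEvent(2000 + i * 0.4, "ws-42", f"/shared/loan{i}.xlsx",
                          f"/shared/loan{i}.xlsx.locked", CIPHERTEXT_SAMPLE) for i in range(60)]
    return normal + infected

if __name__ == "__main__":
    for v in detect(sample_events()):
        print(v.client, "HALT SYNC" if v.halt_sync else "ok", v.indicators)
```

Requiring two independent indicators before halting is the usual trade-off here: a legitimate bulk rename or a compressed-archive upload each trip one indicator alone, while encryption-in-place trips all three. Whatever the rule, the halt should also quarantine the versions uploaded in that window so that clean prior versions remain available for restore.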

In addition, the ASUS Group recently announced that its in-house post-quantum cryptographic algorithm has formally passed cryptographic algorithm validation (CAVP) under the U.S. National Institute of Standards and Technology (NIST). It will be broadly integrated across ASUS product lines to provide enterprises and individual users worldwide with state-of-the-art quantum-resistant security solutions, further strengthening the resilience of financial cybersecurity.

Want to learn more about the OmniStor Zero Trust File Management System? >>https://www.asuscloud.com/omnistor/
Need a free consultation for a Zero Trust file management solution? >>https://www.asuscloud.com/contact/
