How security automation can help finance institutions outpace cyberattacks
The financial services industry handles waterfalls of sensitive and lucrative data every second. Within these split seconds, thousands of confidential transactions are conducted online. At stake are vast amounts of money and personal data that can potentially place people and businesses in jeopardy. But despite the vulnerabilities and potential for huge losses, the industry is far from containing cybercrime. If anything, the costs of cyberattacks against financial service organizations are rising.
Given the value of data residing in organizations, the finance services sector experiences significantly more cyberattacks than any other industry.
Well-known cyberattacks, including the Taiwanese SWIFT bank cyber heist, amounting to a loss of $60 million, the Russian central bank theft, and the Bangladesh cyberattack, reaching $81 million, are just some of the cases that made headlines.
Average annualized cost of cybercrime by sector (source: Accenture, Ponemon Institute)
Although finance firms are not the most frequent victims of cybercrime, they face higher costs relating to such incidents compared to businesses in any other sector, according to the Ponemon Institute and Accenture. Today the shadier parts of the internet are teeming with account logins, card numbers and other stolen financial data, all at a price.
Coming to grips with both the costs and the tools for curtailing cybercrime can help security and risk personnel better deal with the gap between their own defenses and threat actors’ capabilities.
How come finance services firms are outpaced by cyber attackers?
Apparently, the average yearly cost of cybercrime for finance companies globally has increased by more than 40 percent, from $12.97 million per firm in 2014 to $18.28 million in 2017. Inevitably, spending on cybersecurity increased in response to the spike in crime, but the budgets allocated were no match. Then again, attackers will always have the advantage of needing to spend money, time and effort on only one attack, while finance services firms need to build a cyber defense front against all of them.
The enemy within
Shadow IT, or worse still, harmful insiders, are highly challenging issues for banks. On the physical side, banks built an intricate system involving measures such as dual cash counting, two vault keys and two staff members to update ledger entries. Unfortunately, the tight regulations on the floor did not readily translate to the data sphere. Data in critical infrastructures was not subject to such tight controls. This perplexing early attitude to digital assets made it easier for insiders to leak data and, at times, even partner up with the attackers.
Banks are green fields for Advanced Persistent Threats (APTs)
While bank customers are still the target for phishing and botnet attacks, finance firms have become top targets for organized advanced persistent threat (APT) groups.
It is increasingly clear that organized cybercrime groups are becoming more sophisticated and are aiming for higher financial rewards. No longer interested in volume attacks on bank customers, these financially motivated adversaries, otherwise known as APTs, invest enormous amounts of time, training and money in attacking the source. Sometimes, to achieve their goal, they are willing to wait patiently and lie low under the radar for months. They will wait for the opportunity to take advantage of a shadow IT incident or any other vulnerability, and advance along an attack vector in a bid to reach the digital crown jewels.
Why automated continuous simulation is essential for finance firms
When compliance is no longer enough
As attacks grow more sophisticated and complex, financial institutions must shore up their line of defense and focus on security, beyond compliance. The challenge is that compliance needs do not necessarily make a good security foundation. Gaps may exist, and compliance prerequisites may not be keeping up with threats.
Thinking and acting like a hacker 24/7
Finance firms appear to be hardening their internal networks, but to withstand the barrage and scale of attacks that continue 24/7, it’s worth considering the next wave of cutting-edge automated testing tools, capable of operating continuously, day in, day out, like a team of sophisticated hackers.
Overcoming security gaps
In the enterprise world, simulated red team/blue team cyber exercises are commonplace and have been growing in popularity for over a decade.
However, what happens in between exercises? What fills the defense void during these time gaps?
To fill the gaps, automated red teaming followed by actionable blue team remediation is likely to become a common strategy of cyber offense-defense efforts. This move to automation could empower finance organizations with a full and continuous view of security gaps that would otherwise be overlooked. It could arm them with a worm’s eye view into new back doors and blind spots as soon as they appear, and let them move to remediate them without delay.
In sum, as countless new doors into finance networks crack open every day, and cybercrime costs are increasing, finance firms are doing more to mitigate risk and combat cyber threats. The question is what strategy, what mindset and which technologies could most effectively turn the tide against APTs infiltrating finance organizations. Setting up an automated threat hunting team that continuously tests for vulnerabilities could be one weapon worth considering for unearthing security shortcomings.