As a high-profile target for breach attempts, banks are all too familiar with having a bullseye on their backs. Over the past ten years, there has been a massive industry shift in the financial services sector from compliance-based cybersecurity to proactive and predictive threat detection and response operations. The transition has not only been fueled by the increase in sophisticated nefarious actors – but also the acceleration of data growth and diversity and the adoption of cloud services.
With 70 percent of organizations hosting data or workloads in the public cloud experiencing a security incident and 66 percent of organizations leaving back doors open to attackers through misconfigured cloud services, financial services (FinServ) organizations have been forced to ask themselves: “Are we truly resilient?”
The answer to this question lies in a broader view of cyber defense strategies, changing how we speak about risk mitigation – and how we plan for it. To do that, we have to first address the aspects of business that make a financial services institution such a vulnerable target in the first place.
What Makes Banks a Target
More data, more problems
Financial services is a highly competitive industry that is continuously pushing innovation and adoption of technologies that reduce operating costs and empower consumers with speed and simplicity of the financial services provided by the business. Digital growth spurred big data challenges, including the diversification of data that possess challenges to cyber operations capacity and knowledge of threat response to uncharted data risks. Proprietary applications are gaining popularity among financial institutions. This means that mobile devices collecting personally identifiable information (PII) across an entire consumer base are now a core part of a financial institution’s data ecosystem. And, with the proliferation of Internet of Things (IoT) solutions, new data points and logs need to be measured and reviewed as part of both routine hygiene checks and vulnerability scans.
As companies produce more data output, it places greater strain on the resources needed to monitor an environment properly – let alone improve its security posture overall. Because bank data is easy for cybercriminals to monetize, every new endpoint and user becomes a weakness for bad actors to exploit with motive and means.
The Supply Chain Lynchpin
Supply chain risks present very real concerns. Attackers can target FinServ organizations through their own suppliers. Attackers can also target non-financial organizations using financial companies that provide services through the supply chain. Banks and financial institutions play a crucial role as an intermediary for businesses as they grow, in particular by making transactions possible that fund any range of activities, including but not limited to enabling import buyers and export suppliers. As such, banks are a high priority target in supply chain attacks, with the fallout from breaches cutting off access to critical resources for partners and exposing suppliers and other third parties to nefarious actors in the process.
This unintended consequence has been under increased scrutiny thanks to a rise in sophisticated attacks that use interconnected supplier systems to increase the scope of impact (like the recent SolarWinds breach, for example).
Cloud’s Back Door
Cloud adoption has created so many positive outcomes for the FinServ industry, helping to make infrastructure more cost-effective and enabling a stronger customer experience with platforms that can scale up and down on demand. But is security keeping up with cloud adoption? The benefits of the cloud are innumerable, but so is the responsibility to plan, build, test and run new cyber resilience strategies to ensure that what is built for the cloud is also secured for the cloud. The same investment in innovative thinking that is expected for cloud platforms should also be applied to the security that protects them.
Building a Successful Cyber Resilience Strategy
A successful cyber resilience strategy outlines a four-step approach that aligns with a company’s digital transformation strategy overall. Plan, build test and run your security programs while executing business initiatives, addressing a layer of new security needs as you evolve. When beginning to plan (step one), keep these things in mind:
- A new environment requires a new security strategy. Applying the same security strategy you had on-premise to your cloud environment is a recipe for disaster in the age of the cloud. Whether migrating to the public cloud or building a private cloud environment, don’t skimp on strategy. Create policies to define what “good” looks like and gain consensus on security fundamentals before making the move to the cloud.
- Fact verses fiction in threat protection, and detection gaps with continuous testing. Much like you would test an app before it becomes available to the public, test your security before it goes live. Using an in-house red team or third-party partner, take vulnerability discovery seriously. Expect to find issues at the beginning; this is normal. You’ll be more cost-effective and confident as you take advantage of the benefits cloud products and solutions can offer your business.
- Remember, AI and machine learning does not replace cognitive thinking. AI and machine learning is a huge part of forward-thinking business solutions for FinServ companies, but it does not replace human beings’ roles today in applying AI to cyber. Too often, AI and machine learning arrive as an over-promised, under-delivered “easy” button. These technologies applied to bad rules and poorly developed security strategies won’t produce positive outcomes. Human ingenuity is more valuable than ever in cybersecurity, and supervised machine learning ensures you are getting the best of both worlds.
Looking Ahead: Redefining the Separation Between Physical, Digital and Human Security & Risk Resilience
Security strategy today must take into consideration more than network infrastructure hygiene. Perhaps counterintuitively, greater access to cloud and technological innovation has also reinforced the need to think critically about advanced physical security and identity management. Making sure the right access permissions are being enabled has an impact on a company’s overall security posture. When traditional forensic and personnel insights are connected to other alerts within a cyber defense center, threat intelligence investments can be applied across traditionally isolated data. With inside threats on the rise, risk resilience teams need to work more closely with physical security teams so that companies can see the big picture.
Regardless of an organization’s commitment to security excellence, the speed of change that comes with digital transformation adds stress to even the most risk-resilient business. Adopting technology fast enough to keep pace with consumer demands – without risk analysis becoming a roadblock to innovation – is a negotiation security leaders must master as they rise to the challenges of our day. For FinServ companies, both large and small, the search for protection from attacks continues. A strong cyber resilience strategy positions them to see looming threats more clearly so that they can respond and contain them swiftly to avoid negative impacts.