As a high-profile target for breach attempts, banks are all too familiar with having a bullseye on their backs. Over the past ten years, there has been a massive industry shift in the financial services sector from compliance-based cybersecurity to proactive and predictive threat detection and response operations. The transition has not only been fueled by the increase in sophisticated nefarious actors – but also the acceleration of data growth and diversity and the adoption of cloud services.
With 70 percent of organizations hosting data or workloads in the public cloud experiencing a security incident and 66 percent of organizations leaving back doors open to attackers through misconfigured cloud services, financial services (FinServ) organizations have been forced to ask themselves: “Are we truly resilient?”
The answer to this question lies in a broader view of cyber defense strategies, changing how we speak about risk mitigation – and how we plan for it. To do that, we have to first address the aspects of business that make a financial services institution such a vulnerable target in the first place.
More data, more problems
Financial services is a highly competitive industry that is continuously pushing innovation and adoption of technologies that reduce operating costs and empower consumers with speed and simplicity of the financial services provided by the business. Digital growth spurred big data challenges, including the diversification of data that possess challenges to cyber operations capacity and knowledge of threat response to uncharted data risks. Proprietary applications are gaining popularity among financial institutions. This means that mobile devices collecting personally identifiable information (PII) across an entire consumer base are now a core part of a financial institution’s data ecosystem. And, with the proliferation of Internet of Things (IoT) solutions, new data points and logs need to be measured and reviewed as part of both routine hygiene checks and vulnerability scans.
As companies produce more data output, it places greater strain on the resources needed to monitor an environment properly – let alone improve its security posture overall. Because bank data is easy for cybercriminals to monetize, every new endpoint and user becomes a weakness for bad actors to exploit with motive and means.
The Supply Chain Lynchpin
Supply chain risks present very real concerns. Attackers can target FinServ organizations through their own suppliers. Attackers can also target non-financial organizations using financial companies that provide services through the supply chain. Banks and financial institutions play a crucial role as an intermediary for businesses as they grow, in particular by making transactions possible that fund any range of activities, including but not limited to enabling import buyers and export suppliers. As such, banks are a high priority target in supply chain attacks, with the fallout from breaches cutting off access to critical resources for partners and exposing suppliers and other third parties to nefarious actors in the process.
This unintended consequence has been under increased scrutiny thanks to a rise in sophisticated attacks that use interconnected supplier systems to increase the scope of impact (like the recent SolarWinds breach, for example).
Cloud’s Back Door
Cloud adoption has created so many positive outcomes for the FinServ industry, helping to make infrastructure more cost-effective and enabling a stronger customer experience with platforms that can scale up and down on demand. But is security keeping up with cloud adoption? The benefits of the cloud are innumerable, but so is the responsibility to plan, build, test and run new cyber resilience strategies to ensure that what is built for the cloud is also secured for the cloud. The same investment in innovative thinking that is expected for cloud platforms should also be applied to the security that protects them.
A successful cyber resilience strategy outlines a four-step approach that aligns with a company’s digital transformation strategy overall. Plan, build test and run your security programs while executing business initiatives, addressing a layer of new security needs as you evolve. When beginning to plan (step one), keep these things in mind:
Security strategy today must take into consideration more than network infrastructure hygiene. Perhaps counterintuitively, greater access to cloud and technological innovation has also reinforced the need to think critically about advanced physical security and identity management. Making sure the right access permissions are being enabled has an impact on a company’s overall security posture. When traditional forensic and personnel insights are connected to other alerts within a cyber defense center, threat intelligence investments can be applied across traditionally isolated data. With inside threats on the rise, risk resilience teams need to work more closely with physical security teams so that companies can see the big picture.
Regardless of an organization’s commitment to security excellence, the speed of change that comes with digital transformation adds stress to even the most risk-resilient business. Adopting technology fast enough to keep pace with consumer demands – without risk analysis becoming a roadblock to innovation – is a negotiation security leaders must master as they rise to the challenges of our day. For FinServ companies, both large and small, the search for protection from attacks continues. A strong cyber resilience strategy positions them to see looming threats more clearly so that they can respond and contain them swiftly to avoid negative impacts.