Targeted cyberattacks in the financial industry show no signs of waning. The financial sector is a ‘perfect target’ for cybercrime and it’s been estimated that financial services encounter security incidents 300% more frequently than other industries.
It makes sense; attackers will focus on the most lucrative targets – from attacks on payment systems to the theft of high-value, high-worth PII (personally identifiable information). As a result, the sector is facing increasing challenges in managing cyber risks posed by well-resourced and well-organised criminal gangs. The impact of their activities can be devastating, as was evident earlier this year when criminals exploited the SWIFT messaging system to steal $10 million from a bank in Ukraine and $81 million from the Bangladesh Central Bank.
The reality is that attacks such as these will become more pervasive as criminals turn their attention to digital crime. In the face of more complex challenges, there are no quick-fix answers. However, the industry can take measures to improve the way in which sensitive data is audited, tracked and controlled. Combined with fit-for-purpose detection and incident response strategies, a deep understanding of data will help reduce the surface area of risk and can mitigate the damage if a breach does occur.
Know Your Data
No amount of threat detection or prevention can make a system 100% secure. Teams charged with managing the protection of customer data face a perfect storm of increasingly sophisticated threats like ransomware, zero day exploits, phishing scams, bots and more. Banks rightfully invest millions into cybersecurity tools to detect and prevent attacks. However, attackers can, and will, exploit vulnerabilities (technological or human) that exist in any system.
Defending digital assets is a complex challenge, and a successful attack can cause significant damage, not only in the direct financial cost of theft or loss of data, but also in the wider impact of consequent loss of business and of legal, regulatory and reputational costs. Taken together, these impacts create a significant amount of risk for any organisation, and especially for the financial sector. The best foundation for limiting risk and improving resilience is taking a thorough audit of your most important digital asset: your data. This is no small task; there is more data held, across more locations, and on more endpoint devices than ever before. Add to that the host of digital information that can be shared to the cloud, via email and even with social media, and the challenge of tracking data is further exacerbated.
When conducting an audit, start by ensuring that data maps are up to date, that all data repositories have the correct control policies and that, above all, you fully understand where the most critical data is stored. Identify where any ‘unsecured’ data is being held and conduct regular sweeps across the network to get the full picture of data locations.
Ensure that all the correct policies for data access, data governance and data protection are not only implemented, but also enforced.
Proactively, financial institutions should look to monitor activity and establish what normal activity looks like for their endpoint devices and servers. With a baseline of normal activity, an organisation can more quickly identify indicators of compromise (IoCs) by identifying abnormal behaviours either by systems or employees that could pose a risk. Leveraging data from all servers and end-user devices, endpoint security analytics can give complete visibility of endpoint activities across the network, in order to detect any anomalous behaviour, areas of potential risk, and security threats before damage can spread.
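The baseline-then-compare approach described above, as an added example that is not from the author or from any vendor product. The host names, process names, volume figures and z-score threshold are all constructed assumptions; real endpoint telemetry would replace the two sample lists.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: (host, process, megabytes sent in one hour).
BASELINE = [
    ("teller-01", "excel.exe", 2), ("teller-01", "outlook.exe", 5),
    ("teller-01", "excel.exe", 3), ("teller-01", "outlook.exe", 4),
    ("teller-01", "outlook.exe", 6), ("teller-01", "excel.exe", 4),
    ("db-02", "sqlservr.exe", 40), ("db-02", "sqlservr.exe", 44),
    ("db-02", "backup.exe", 50), ("db-02", "sqlservr.exe", 42),
]
TODAY = [
    ("teller-01", "outlook.exe", 5),     # within normal behaviour
    ("teller-01", "powershell.exe", 3),  # process never seen on this host
    ("db-02", "sqlservr.exe", 400),      # known process, abnormal volume
    ("kiosk-09", "chrome.exe", 1),       # host with no baseline at all
]

def build_baseline(events):
    """Record, per host, the processes seen and the normal outbound volume."""
    procs, volumes = defaultdict(set), defaultdict(list)
    for host, proc, mb in events:
        procs[host].add(proc)
        volumes[host].append(mb)
    return {h: {"procs": procs[h],
                "mean": mean(volumes[h]),
                "std": pstdev(volumes[h])} for h in procs}

def find_anomalies(baseline, events, z_limit=3.0):
    """Return (host, process, reason) for every deviation from the baseline."""
    alerts = []
    for host, proc, mb in events:
        profile = baseline.get(host)
        if profile is None:
            # An unprofiled device is itself a finding: it is missing from the map.
            alerts.append((host, proc, "no-baseline"))
            continue
        if proc not in profile["procs"]:
            alerts.append((host, proc, "new-process"))
        std = max(profile["std"], 1.0)  # floor avoids division by zero on flat baselines
        if (mb - profile["mean"]) / std > z_limit:
            alerts.append((host, proc, "volume-spike"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE), TODAY):
        print(alert)
```
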
Stress-Test Incident Response Plans
Even when incident response (IR) measures are in place, all too often the lines of decision making, the communications processes and the choice of which systems to shut down have not been thoroughly practised. Although many organisations may think that they have robust security policies in place, how well-drilled are they at responding to security incidents when these occur? All too frequently, it isn’t until a real-world incident occurs that the shortcomings of plans are uncovered.
The most significant starting point for determining the scale of a threat is assessing the type of data that has been targeted, which is why it’s important to have mapped exactly where sensitive data is held, and to prioritise responses based on these sensitive data profiles. This can save significant time in data ‘stock-taking’ that would need to be performed in the immediate aftermath of a cyber-attack.
Mitigating the risk and impact of breaches requires a coordinated, well-planned and fully practised security strategy. Whilst attacks are on the rise, we shouldn’t wait for the ‘hit’. It’s more important than ever to be proactive, taking all necessary measures to identify and secure data, spot the warning signs of attacks and implement the appropriate response should any incident occur.
By Fortunato Guarino, cybercrime & data protection adviser, Guidance Software