By Ed Williams, EMEA Director of SpiderLabs at Trustwave
Unsurprisingly, banks and other financial institutions are popular targets for cyber criminals, and so the sector regularly experiences high volumes of attacks. In fact, throughout last year, 70 percent of UK financial sector firms suffered a cyber attack.
These organisations have always been big targets for criminals, back to when physical bank robberies were the norm, but the recent switch to remote working has certainly triggered a surge in cyber activity. All industries felt the pressure of having to re-establish themselves as remote companies, leaving most fearing the impact of this shift on their cyber security stance. Ponemon Institute’s recent survey found that 57 percent of UK finance companies felt remote working left their employees exposed, with 41 percent fearing that remote workers are putting the business at risk of major data breaches.
With remote working came greater migration to the cloud. This in turn added to the vast avenues that hackers could take to break into the company network. In particular, banking technology has been greatly affected by the advancements made, especially mobile devices that collect and hold sensitive credentials and personal details.
Unfortunately, not only do banks have to defend against external threats, but also those from within. Around 20 percent of attacks on finance companies originate from internal, financially driven adversaries. Understanding where the primary weaknesses lie in a bank’s defence line is the first step towards strengthening their position.
Let’s break these weaknesses down.
Connecting to the cloud
One of the biggest potential weak spots for finance companies is the move to the cloud. If not deployed with the necessary cyber measures and complete understanding of how best to manage security policies, links to the cloud could leave businesses exposed to adversaries waiting just outside the perimeter. It’s important to remember that anything built for the cloud, should also be secured for the cloud.
The promise of cost-effective infrastructure and strong results for customer experience quickly outweigh the potential risks for a lot of companies. And the threats facing banks should not hinder their digital progress. As long as the appropriate security measures are taken, finance companies can advance their systems with confidence.
Gaps in the supply chain
Managing the security of your own company is one thing but having to consider the measures taken by all businesses connected to your network is something else entirely. Supply chains are a fundamental part of all organisations, but they also have the potential to unravel the security that a business has worked tirelessly to deploy.
Not only does the attack surface become a whole lot bigger for banks, but they too could become weak points for third party companies. Banks play central roles in business transactions and product imports and exports, so they’re often connected to hundreds of supply chains at any one time. Experiencing a breach could have devastating consequences for the rest of the supply chain as it’s likely all financial activity would cease until resolved.
Boosting cyber resilience
With these vulnerabilities in mind, businesses should look to develop their unique and detailed cyber resilience strategy, incorporating the four steps: plan, build, test and run. Jumping headfirst into a security scheme without fully planning each stage in detail could result in elements being overlooked and the entire plan unravelling.
No two businesses are the same when it comes to developing a cyber security strategy. There are so many factors to consider, like size and digital maturity, which will have significant impacts on the overall scheme. Another significant consideration is whether the company still relies on on-premises set ups or if they have transitioned to the cloud. Either way, no further steps should be taken until IT teams have a comprehensive overview of their network infrastructure.
When it comes to testing the different elements of the strategy before the final launch, it’s worth employing external red teams to deliver an in-depth and thorough security and vulnerability report. Red teaming exercises involve security professionals taking on the role of threat actors to test different areas of business security and see how far into the network they can breach, identifying vulnerabilities along the way. The activity is usually very specific and focuses on selected areas of the security barrier. Using an in-house team is also a viable option – the most important thing is to accept any issues that arise and treat them as steppingstones to achieving the top-level security plan that the security landscape demands.
Beyond this, finance companies should consider the role of artificial intelligence (AI) and machine learning (ML) and the benefits they can provide. While there is still some uncertainty around the role that these technologies can play within a business, there is one important point to bear in mind: neither AI nor ML should be deployed for cognitive thinking. Human intuition is a fundamental part of a security strategy, and AI should only be introduced to assist workers in their day-to-day role. This includes freeing up employees to focus on high-value tasks, such as customer experience, as well as managing other more complex areas of security.
Security on two fronts
There is a final element that security teams should consider when planning out their defensive strategy. Despite most businesses now operating on the digital plane, physical security remains a vital factor. Most red teaming exercises involve scoping out physical company buildings, which usually hold large numbers of devices. During the first period of mass remote working last year, empty offices were sitting targets for criminals looking to hack the network from the heart of the business. This will undoubtedly remain an issue moving forwards.
From working closely with physical security teams, to keeping access permissions on a restricted list, there are plenty of steps finance organisations can take to strengthen their defences against threat actors. If money does indeed make the world go round, then the institutions at the centre of it all must remain strong and resilient. Keeping malicious attackers at bay must be priority number one.
