Brian McCann, President Security Solutions, Neustar
The best possible outcome for any cyber threat aimed at your network – and in turn, your brand, your customers and your bottom line – is to successfully detect and neutralise it before it causes more risk or new destruction.
While this is the case regardless of your industry, for financial services (FS) organisations that are 300x more likely to be hit by a cyberattack, it is even more critical to be able to quickly mitigate unwanted attention from malicious online actors.
With money and highly sensitive data at the very core of the industry, cybercriminals have always besieged banks and FS companies. Their attacks can compromise data assets, degrade website performance, redirect funds, and damage reputations that have taken years to build.
Despite having long been targeted, now with the COVID-19 pandemic generating a huge spike in the number of fake domains, malware campaigns, Distributed Denial-of-Service (DDoS) attacks, phishing scams and misinformation, there has never been a more pivotal time for these organisations to prioritise security.
Elevated threats, additional complications
In recent months, the global health crisis has presented financial institutions with significant new security challenges. Many, for example, have faced greater obstacles with network redirection and outage while moving their entire employee base to a remote working model. Others have been subject to additional online account hacking, credential stuffing and fraudulent emails, due to the increased dependency on the digital world.
At first, it may seem logical that as our reliance on the internet has grown, so too should the number of cyberattacks. While this is true to a certain extent, we’ve seen much more of a spike than initially expected. Now, the risks are simply too high for FS institutions to not be monitoring and, in turn, reacting to online threats in real-time.
In response to the heightened threat level, the Financial Conduct Authority (FCA) issued a statement outlining its expectations for FS firms to prioritise information security throughout the pandemic, ensuring that ‘adequate controls are in place to manage cyber threats and respond to major incidents’. More specifically, the regulator noted that organisations should look to implement enhanced monitoring to protect end points, information and critical processes, including network connections.
In an effort to defend against the rise in cyberattacks, banks and other FS companies have spent millions building out their security capabilities, including deploying DDoS mitigation services. Many businesses, however, are continuing to expose themselves to a variety of online threats by relying on outdated and manual processes, as well as failing to integrate their protection platforms.
Always on, integrated and automated
A catastrophic attack can strike in an instant, before it is even possible for security tools to kick in. Without taking a fully integrated, always on approach, organisations are missing out on immediate insights into where attacks might be coming from; whether it is a potentially risky IP addressing accessing a network, or understanding the location and VPN/proxy status of anonymous traffic.
In order to stand a chance at successfully mitigating against these threats, a robust security strategy is vital. At the very heart of this lies an authoritative Domain Name System (DNS) architecture, ensuring fast and accurate query responses to websites and other vital online assets. When combined with round-the-clock detection and protection for both networks and applications, FS firms can be confident in their ability to assess risks.
Not only can this approach be used to anticipate and block cyber threats – both inbound and outbound – before they do damage, it can also drive access decisions. With cybercriminals constantly exploring new techniques and approaches – particularly during the pandemic – organisations need to deploy tactics and technologies that help them regain the upper hand. By integrating more threat intelligence data, powerful decisioning and risk information can enable a frictionless and secure environment for FS institutions to operate.
Since the pandemic began, we have witnessed a dramatic upturn in cyberattacks using countless measures to wreak havoc on vulnerable businesses. We’ve also recorded an increase in the overall number of attacks, as well as in attack severity and intensity. In fact, Neustar mitigated 2.5 times more attacks in H1 2020 than in H1 2019.
If we review the associated cyber trends that have emerged alongside the COVID-19 crisis, it is easy to see how quickly things can change. While some organisations will have found it less challenging than others to adapt their security strategies in order to suit a fully remote workforce, no institution is exempt from becoming the next victim – especially those in the financial services sector.