Financial cyberthreats are on the rise – how can institutions deliver resilience?

Author: Raghu Nandakumara, Head of Industry Solutions, Illumio 

Like any group out to make a profit, most cybercriminals follow the money. It’s therefore little surprise that the financial sector has long been a primary target for threat actors looking to maximise their gains.

However, while financial institutions are no strangers to cyber threats, it’s clear that risk levels have escalated in recent months. A recent in-depth report from the IMF on vulnerabilities and risks in the sector highlights both an escalating volume of attacks and a growing risk of extreme losses, threatening to disrupt financial markets on a global scale.

As increasingly organised criminal gangs ramp up their attacks on the financial sector, organisations must ensure they have the cyber resilience to withstand attacks and safeguard the clients trusting them with their financial wellbeing.

The rising risk of ransomware

The IMF’s report paints a stark picture of the cyber threat landscape for financial institutions. The report found that roughly one fifth of all recorded incidents affect financial firms, with the overall volume nearly doubling in the years since the COVID pandemic. The Bank of England reinforces this, citing cyber risk as the leading concern of the sector in the UK.


While the rising number of attacks is a serious issue, incidents are also costing more. The IMF found that, while in most cases the direct costs were less than $0.5m, the cost of the most expensive incidents, dubbed extreme losses, has climbed to $2.5bn. This figure has quadrupled since 2017, showing a drastic increase in the impact of cyberattacks. Further, indirect losses such as reputational damage and the cost of security upgrades are noted to be “substantially higher” – and are notoriously difficult to quantify.

The financial sector is particularly vulnerable to ransomware attacks that seek to disrupt operations through encrypting key systems and data. Ransomware has become a weapon of choice for attacks on most sectors, but is particularly effective in fields where uptime is paramount. With the financial sector being built on reliability and integrity, it’s a very appealing target for these disruptive attacks.

The IMF notes that the damage caused by ransomware attacks can rapidly spread through the industry, with disrupted services cascading to undermine financial stability on a large scale. This was demonstrated in a November 2023 ransomware attack on the US arm of the Industrial and Commercial Bank of China, China’s largest bank. The incident disrupted trading in the US Treasury market, demonstrating that impacts are much wider than the losses of any one institution.

Cloud infrastructure is increasing risk exposure

Alongside the risk from more aggressive and organised cybercriminal groups, financial institutions must also contend with increased cyber risk exposure from digitisation.

According to Illumio research, nearly half of all security breaches now originate in the cloud, with cloud migration often far outpacing security measures. As a result, organisations are often reliant on outdated security measures, such as traditional network firewalls, which were designed for on-premises environments and are ineffective against the dynamic nature of cloud computing.

The IMF notes that increasingly complex webs of third-party IT service providers have deepened this risk. While external operators can improve resilience, they can equally add a new layer of vulnerability. In December 2023, a ransomware attack on an IT service provider led to 60 US credit unions suffering simultaneous service outages.

Third parties also present increased risk of supply chain attacks, with threat actors compromising a supplier and using their system connections to bypass an organisation’s security measures.

As such, financial organisations must invest both in redundancies to guarantee uptime if a service provider is disrupted, and in measures to prevent trusted connections being exploited in attacks.

Regulatory compliance has a way forward

With its high-risk exposure and status as critical infrastructure, the financial sector has always been heavily regulated, with requirements to implement effective controls and improve resilience.

The most pressing regulatory requirement is the European Union’s Digital Operational Resilience Act (DORA). DORA sets out a wide range of requirements, including creating risk management frameworks, mandatory reporting for major incidents, and regular operational resilience testing. Notably, it also places emphasis on managing third-party risk, including cloud services.

DORA marks a significant evolution in regulatory frameworks. Its goal of enhancing sector-wide security is a welcome improvement over the approach of past standards like PCI-DSS and SWIFT, which were both focused on protecting the more specific areas of payment data and the SWIFT Network. Mandating uniform security protocols across all EU financial institutions will help to elevate cyber security to a critical boardroom discussion.

The regulation will apply from January 2025, so financial organisations must ensure they are confidently able to meet its requirements before the end of the year.

To meet its demands, firms must both demonstrate a strong understanding of their risk profile and prove they have implemented measures to address key vulnerabilities. A Zero Trust security model is one of the most effective ways to achieve this.

The importance of Zero Trust security

The Zero Trust security model operates on the principle of “never trust, always verify.” Whereas IT systems often default to granting access to entities that pass simple checks such as presenting valid user credentials, Zero Trust requires additional verification, using a risk-based approach to match the authorisation measures to the risk involved.

A central pillar of a Zero Trust strategy is Zero Trust Segmentation (ZTS), a technology that applies Zero Trust principles to segmentation across the hybrid environment at a granular level. You could compare it to a secure depository. Safe deposit boxes are located in a highly secure vault that only admits authorised people. Visitors will then need to go through further steps to access their individual lock box, such as the use of keys, codes and biometrics.

This approach is essential in today’s environment where threats can originate from anywhere and breaches are often undetected for long periods. Controlling access is particularly critical when it comes to extensive networks of third-party suppliers and the proliferation of cloud services.

By segmenting networks and rigorously enforcing access controls, ZTS ensures that security perimeters are maintained around every critical asset, preventing lateral movement of attackers within networks. This technology is particularly effective in complex, hybrid cloud environments where traditional security measures fall short.
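To make the segmentation idea concrete, here is an added example (written for this page, not Illumio’s product or the article’s own material) of a label-based, default-deny policy engine: every workload carries labels, and a flow passes only if an explicit rule matches both endpoints and the port. The workload names, labels, rules and flows are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    labels: dict  # e.g. {"app": "payments", "role": "web", "env": "prod"}


@dataclass
class Rule:
    src: dict         # label selector for the source; {} matches any workload
    dst: dict         # label selector for the destination
    ports: frozenset  # TCP ports the rule permits


def matches(selector: dict, labels: dict) -> bool:
    """A selector matches when every key/value it names is present on the workload."""
    return all(labels.get(k) == v for k, v in selector.items())


def is_allowed(rules: list, src: Workload, dst: Workload, port: int) -> bool:
    """Default deny: a flow is permitted only if some rule explicitly allows it."""
    return any(matches(r.src, src.labels) and matches(r.dst, dst.labels)
               and port in r.ports for r in rules)


# Constructed inventory: two applications in one hybrid estate plus a third-party host.
WEB = Workload("payments-web-01", {"app": "payments", "role": "web", "env": "prod"})
PAY_DB = Workload("payments-db-01", {"app": "payments", "role": "db", "env": "prod"})
TRADE_DB = Workload("trading-db-01", {"app": "trading", "role": "db", "env": "prod"})
VENDOR = Workload("vendor-jump-01", {"app": "itsp", "role": "support"})

# Constructed allow-list: each asset admits only the peers and ports it needs.
RULES = [
    Rule({"app": "payments", "role": "web"}, {"app": "payments", "role": "db"}, frozenset({5432})),
    Rule({"app": "itsp"}, {"app": "payments", "role": "web"}, frozenset({443})),
]


def evaluate(rules: list, flows: list) -> dict:
    """Return {(src, dst, port): 'ALLOW' | 'DENY'} for a batch of observed flows."""
    return {(s.name, d.name, p): ("ALLOW" if is_allowed(rules, s, d, p) else "DENY")
            for s, d, p in flows}


if __name__ == "__main__":
    # A compromised web host cannot reach another application's database, and the
    # third-party host cannot step past the web tier it is contracted to support.
    flows = [(WEB, PAY_DB, 5432), (WEB, TRADE_DB, 5432), (VENDOR, WEB, 443),
             (VENDOR, PAY_DB, 5432), (VENDOR, WEB, 22)]
    for flow, verdict in evaluate(RULES, flows).items():
        print(verdict, *flow)
```

The same evaluation run against real flow logs would show which existing connections a proposed rule set would cut off before it is enforced.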

Zero Trust Segmentation not only helps meet DORA’s stringent requirements but also significantly bolsters an organisation’s cyber resilience, providing a dual benefit of compliance and enhanced security posture – something that is vital as we move towards a standardised security landscape across Europe.

As the cyber threat to the financial sector becomes increasingly systemic, institutions must deliver resilience not only for their customers and bottom line, but to protect the global economy. The risk is only likely to increase as criminal groups lean into successful moneymaking tactics like ransomware.

Compliance with the upcoming DORA will help provide a framework for improved resilience against these threats. But organisations must also be proactive in pursuing strategies like Zero Trust to withstand increasingly aggressive threat actors.
