Matt Hastings, VP, Product Management at NinjaOne
Over the past two decades, as digital transformation has taken hold, the financial sector has fallen victim to more than 20,000 cyberattacks. What’s more, according to ESG [1], more than three-quarters of organisations have experienced a cyberattack that started with the exploitation of an unknown, unmanaged, or poorly managed endpoint. As more organisations rely on endpoint devices to do business, it’s no surprise that 70% of UK financial organisations cite cyberattacks as one of the highest risks to their financial stability.
While financial institutions scramble to shore up their cybersecurity efforts, what are some of the most common challenges they’re looking to combat? And how can they protect their systems – as well as their customer data – in a growing and complex digital landscape?
Every touchpoint becomes an endpoint
Every device, from servers to employee laptops and mobile phones, represents a potential entry point for attackers. The rise of remote work and digital consumer banking services only widens the attack surface. In the last couple of years, we’ve witnessed two-thirds of banks offer more flexibility in how and where their employees work, increasing the availability of remote access. As a result, financial institutions are managing more diverse devices than ever before, which exposes their organisations to more risk.
Migration to the cloud
Financial institutions are rushing to reap the rewards of digital transformation through public cloud infrastructure. 82% of banking executives plan to move over half of their mainframe workloads to the cloud in the next two to five years, which introduces another potential attack vector.
The security tools that financial institutions use for traditional cybersecurity measures were likely not built for the cloud and are therefore insufficient against the unique challenges that cloud environments pose.
Thankfully, there are many ways banks can reduce their attack surface and improve their ability to prevent, detect, and respond to attacks.
Here are six considerations for banks looking to improve their security posture:
- Monitor, identify, and fix misconfigurations: Misconfigured cloud resources, SaaS applications, or any internet-exposed device can be the root cause of incidents where data is inadvertently exposed or stolen by a threat actor. For financial institutions, this type of threat can have a monetary impact while also harming their reputation and depleting customer trust. To mitigate these risks, banks must not only maintain an accurate inventory of their cloud, SaaS application, and corporate environments but also ensure comprehensive visibility into all endpoints. Active monitoring and detailed visibility allow banks to identify and remediate misconfigurations before they result in serious harm.
- Enforce multi-factor authentication: Along with strong passwords, multi-factor authentication is imperative for proper cybersecurity hygiene. The most effective options are hardware security keys or time-based one-time password (TOTP) applications, like Google Authenticator. This ensures that even if a malicious actor obtains a username and password, they won’t be able to log in without access to a physical key or device.
- Back up data and gain insight: Ransomware is a serious risk to organisations because it brings operations to a screeching halt. To build resilience and ensure access to critical information, even in the event of a successful attack, security and IT teams should not only back up cloud and endpoint data but also maintain visibility across their environments. By backing up data and monitoring endpoint activity, banks can better protect themselves and recover more quickly and effectively from ransomware attacks.
- Apply the principle of least privilege and restrict third-party permissions: Overly permissive user and third-party access can unintentionally reveal sensitive information to employees or entities outside the organisation, which can lead to compromise. By placing checks and balances on the data users can access, organisations can reduce the risk of a bad actor imitating the identity of a genuine user to gain unauthorised access to the network.
- Ensure patching across every endpoint: Patching is a vital security measure. Outdated operating systems and applications can create holes in IT infrastructure, resulting in entry points for intrusion. To speed up the patching process, banks can use patch management tools to automate multiple updates across every machine.
- Monitor and respond to threats in real time: As part of any security plan, banks should consider incorporating a threat detection and response tool that covers all bases. These tools can monitor and track compromises across the cloud and on endpoints, so security teams can address potential threats before they escalate into issues that impact employees and customers.
The financial services industry will continue to be a lucrative target for threat actors. That said, by taking a few proactive steps, financial institutions can confidently protect their organisations from being the next headline-breaking victim of a cyberattack.
[1] Enterprise Strategy Group, a division of TechTarget, Research Publication, Managing the Endpoint Vulnerability Gap: The Convergence of IT and Security to Reduce Exposure; Dave Gruber, Principal Analyst; Gabe Knuth, Senior Analyst; and Bill Lundell, Director of Syndicated Research; May 2023.
Bio: Matt Hastings is VP of Product Management at NinjaOne. Hastings has been working with organisations to build and implement security programs and products for over a decade.