Recognising friend from foe with converged identity solutions

By Jonathan Neal, VP Solutions Engineering at Saviynt

 

Finance organisations continue to be a focal point for cybercriminals. In addition, the number of phishing and social engineering campaigns targeting these high-value institutions continues to grow. Indeed, of the more than a million phishing attacks recorded by the Anti-Phishing Working Group in the first quarter of 2022, 23.6 percent were linked to financial services organisations. But it’s not only the volume of attacks that is concerning. Threat actors are also utilising advances in technology to significantly improve the effectiveness of their phishing attacks. The latest campaigns are better at concealing their true intent, which is luring recipients into sharing sensitive information concerning system access and logins. In fact, 82 percent of reported breaches involve some kind of human element, be it phishing-related or utilising stolen credentials.

This complex threat landscape represents a stubborn challenge for financial organisations. They need to ensure that only authorised employees, third-party providers, customers and machines – all of which have a unique identity – can gain access to the data and applications they require. The fact that many of their applications are hosted in a variety of cloud environments makes this identity challenge even greater. Managing the access rights for all these various digital identities has become mission critical across the entire sector. Otherwise, organisations could be exposed to cyber attacks and data loss incidents, and they risk falling foul of compliance regulations.

Implementing a strong identity security programme can help financial services organisations mitigate the impact of a breach, and there are a number of technological solutions that can support these efforts. However, not every solution is equally beneficial. Understanding the gaps that they may leave is vital when developing a robust programme, along with ascertaining which solutions can deliver the required security level while also streamlining programme management.


Keeping up with changing security needs

Organisations have traditionally turned to point solutions to manage access to their data. But with the number of human and machine identities growing day by day, managing and securing this sprawl is becoming more difficult.

There are several disadvantages to utilising point identity security solutions. They complicate management, necessitate integration and escalate costs. Moreover, this siloed approach makes it harder to observe all types of sentient or synthetic identities located both on-premise and in the cloud. This lack of visibility expands the threat landscape and raises the risk to an organisation's entire system.

Organisations relying on these diverse, specialised tools may also struggle to observe specific subsets of identities and applications, while some tools only work in a particular cloud or on-prem environment. This results in administrators needing to navigate multiple management consoles, compile data from disparate sources, and then generate their own reports in order to gain a comprehensive understanding of their environment. In some cases, organisations may underestimate the risk and choose not to enforce governance for specific identity types or locations, which could jeopardise compliance and security.

While technology is a strong ally in supporting security efforts, it is far less effective when tools are deployed in this piecemeal way. To truly safeguard their data, organisations need to monitor and govern all their identities and applications, regardless of their environment – on-premises, single cloud, multi-cloud, or hybrid – all from one place. Crucially, this provides administrators with the ability to swiftly identify and address any abnormalities in the system, ensuring continuous compliance with regulatory requirements.

The privilege challenge

In recent years, there has been significant growth in the range of applications utilised by financial services organisations, particularly with the widespread adoption of cloud-based solutions. This innovation, paired with increased access needs, has made it much more difficult to manage access privileges in a timely and accurate manner. This shortcoming provides the perfect opportunity for adversaries to slip in, and so poses a significant risk to organisations. For instance, if the compromised credentials belong to an employee with access to the billing system, hackers may be able to generate invoices and authorise payments before the organisation notices.

To prevent this from happening, the administrators need to be alerted quickly, or an automated process should be in place to proactively prevent such access. But enforcement can be quite an undertaking across multiple siloed applications.

One repository to rule them all

In stark contrast to these disparate tools and approaches are converged identity platforms, which enable organisations to consolidate crucial information into a single data repository.

A centralised repository can be the authoritative source for all identities and can even utilise machine learning capabilities to scan identity-related data, detecting anomalies and instances of excessive access. This valuable information can then be used to offer recommendations to administrators regarding access permissions, maintenance, and revocation, taking into account role-based and attribute-based access control information. Moreover, the incorporation of machine learning-driven risk analytics enables automated approval escalation, further bolstering the safeguarding of sensitive information.

Integrated platforms also make it easier and quicker to identify and handle separation of duty (SoD) breaches. SoD ensures that no single user has enough privileges to misuse the system on their own. For example, with payments, the person authorising a payment should not also be the one who can prepare it. When individuals seek access in a way that violates these protocols, their requests will be turned down and they will be notified of the reason why.
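
The separation-of-duty check described above, sketched as an added example that is not part of the original article or any vendor's product code. The entitlement names, the rule set and the sample identities are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed SoD rules: two entitlements one identity must not hold
# together, plus the reason reported back. All names are hypothetical.
SOD_RULES = [
    ("payments:prepare", "payments:authorise",
     "payment preparer cannot also authorise"),
    ("vendors:create", "invoices:approve",
     "vendor creator cannot approve invoices"),
]

@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str  # sent back to the requester

def conflicts(entitlements):
    """Return the reason for every SoD rule a set of entitlements violates."""
    held = set(entitlements)
    return [why for a, b, why in SOD_RULES if a in held and b in held]

def evaluate_request(current, requested):
    """Decide a request against everything the identity already holds
    across all connected applications (the consolidated view)."""
    existing = set(conflicts(current))
    new = [w for w in conflicts(set(current) | {requested})
           if w not in existing]
    if new:
        return Decision(False, "SoD violation: " + "; ".join(new))
    return Decision(True, "no SoD conflict")

def audit(identities):
    """Find identities, human or machine, that are already in breach."""
    found = {}
    for name, entitlements in identities.items():
        reasons = conflicts(entitlements)
        if reasons:
            found[name] = reasons
    return found

# Constructed sample repository, merged from several applications.
REPOSITORY = {
    "alice": {"payments:prepare", "reports:view"},
    "bob": {"payments:authorise"},
    "svc-batch": {"vendors:create", "invoices:approve"},
}
```

The check only works when `current` reflects entitlements from every application; evaluated per silo, neither half of a conflicting pair looks risky on its own.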

Another strong advantage of converged platforms is that they are able to provide end-to-end governance of all privileged access requests and provisioning. Integrating robust identity governance and administration (IGA) with privileged access management (PAM) can facilitate the provision of just-in-time and least-privileged access. Implementation of PAM makes it significantly harder for an insider attack to occur, because it forces an individual to request and justify their intended actions before access is granted. This makes an innocent mistake less likely, as there is significant oversight throughout the process.

By employing vigorous, rule-based controls that are easily managed and automated across various functionalities, it becomes possible to enhance the principle of least privilege for staff, third parties, and other entities involved in financial services processes, greatly reducing the attack surface. Importantly, this can be achieved without impeding the delivery of seamless customer care.

Conclusion

Safeguarding a financial services organisation’s data is crucial as threats like phishing and social engineering continue to evolve at pace. Strong identity management programmes are essential to ensure data protection and compliance; however, not all solutions are created equal. Rather than relying on traditional, point-based solutions, finserv organisations with complex infrastructures today require consolidated identity platforms that provide complete visibility and control over all of their identities, all from a single location. What’s more, by utilising machine learning, such platforms place organisations on the front foot, enabling them to take a much more proactive stance against the threat actors attempting to gain unauthorised access to their systems.
