Why is cyber resilience the banking sector’s top priority?

The financial sector has always been a top target for cyber criminals. But as adversaries grow more organised and sophisticated, how severe are the risks, and how can organisations stay ahead of bad actors?

We asked Raghu Nandakumara, Head of Industry Solutions at Illumio, how the financial sector can build resilience against the ever-growing threat of cyberattacks.


How vulnerable is the financial sector to cyber threats right now?

The critical nature of the financial sector makes it very vulnerable to widespread digital threats. Financial institutions collect colossal amounts of data, from personal information to credit card details, national insurance numbers, investment details, loan information and more. They are essentially trusted with our entire digital identities.

Now, alongside attacks seeking to steal personal data or access accounts, the sector is increasingly under siege from ransomware. Last year, the industry accounted for 6 per cent of the top ransomware attacks, and attacks targeting financial organisations nearly tripled in 2022.


Attackers are also continuing to leverage double extortion approaches, combining data encryption that disrupts operations with threats to leak or sell sensitive data. This creates more pressure on organisations to pay the ransom. According to reports, the financial sector has paid an average of $1.59M in ransom, higher than the global average of $1.4M.

Finally, institutions like banks are incredibly vulnerable to losses in productivity or operational downtime. Even the smallest disruption can have a huge impact on the business or the larger supply chain, since almost every individual and business is constantly reliant on banking services.


Why is cyber resilience so important for the financial sector?

Cyber resilience defines an organisation’s ability to detect, respond to, recover from, and protect itself against cyberattacks. On a more granular level, developing cyber resilience means an organisation can remain operational, even in the event of an active attack. It’s not just the practice of stopping attackers from breaching your systems, but rather fortifying those systems so they can still function, even when facing a breach.

Cyber resilience is critical for the financial sector because these organisations are the backbone of our economy and societies. If a banking organisation is unable to facilitate financial transactions, it will disrupt the wider marketplace for liquidity and assets. The disruption of financial services means a part of society’s capital flow will be completely halted.

Also, as we increasingly rely on digital and cashless transactions, disruption to such services can have crippling consequences. That’s why financial services rank as critical national infrastructure (CNI) alongside power and water.


How can financial firms strengthen their cyber resilience?

Achieving cyber resilience starts with visibility. Financial organisations often have a complex network infrastructure, composed of many endpoints, interconnected systems and hybrid IT. This makes it hard for security teams to maintain visibility of their entire estate. But if you can’t see the risks, how can you defend against them?

To achieve visibility, organisations need to develop a clear picture of how their applications and workloads are communicating with each other. Then, they need to identify their most high-value assets and resources and define who has access to them. Not every employee within the company needs access to high-value assets. Limiting access to these resources to only a handful of individuals can prevent access privilege abuse and mitigate damage from a compromised account or endpoint.

Moreover, organisations must extend defences to every endpoint, cloud, or data centre resource connected to the network. This includes every mobile banking app, investment app, device used by remote employees, and all third-party endpoints. Protecting the core enterprise network alone is no longer enough.

Our research found that 74% of organisations expect Endpoint Detection and Response (EDR) to block or detect all malicious activity, yet most organisations still get breached. So, it’s clear that detection tools alone can no longer provide the protection needed against modern threats. Having visibility of all network traffic is critical. Effective monitoring frameworks must be in place to visualise endpoint traffic for every user or device that is accessing the network, supported by a Zero Trust strategy that always ‘assumes breach’.


Why is it essential to ‘assume breach’? And how can financial firms put the practice into action?

Assume breach is the approach of presuming that attacks and intrusions are inevitable and arranging the network’s defences to mitigate the impact. So, when a breach does occur, the network can automatically isolate adversaries before they traverse through different systems and inflict serious damage. With most attacks initiated and escalated through compromise or misuse of privileged accounts, an ‘assume breach’ mentality is critical, serving to shift defence strategies from a passive to an active framework.

Employing Zero Trust Segmentation (ZTS) is one of the most effective methods for making the assume breach model a reality. This Zero Trust technology is designed to divide an enterprise network, data centre, cloud environment or endpoint estate into multiple segments or subnets. Each segment has its own access and authentication policies, where user identities, devices, and network configurations must be validated every time a user requests access.

You can think of ZTS like a hotel. The hotel entrance is the perimeter, and if someone gets into the hotel lobby (bypassing firewall defences) they don’t automatically have access to rooms. Guests have their own unique key cards with access to only the floors and room they need. So, if you are meant to check out at 11:00am and you try to access your room at 11:30am, your access will be denied, and you will need to go to the front desk and get re-verified. ZTS functions in the same way, ensuring the division of endpoints, clouds and data centres into segments to protect them from potential threats.

It can also automatically block unauthorised movement across hybrid IT. For example, even if an attack compromises or reaches one device, the threat is contained to that single endpoint, preventing the spread of the breach across the organisation and limiting its impact. So, even if one part of the organisation falls victim to a breach, the bulk of business can continue as usual. That is true resilience and how financial firms can stay one step ahead of the attackers.

Financial organisations will continue to be targets of ransomware and other sophisticated threats. Cyber criminals follow the money and will always evolve their tactics to meet their aims. By putting in place proactive security measures, such as ZTS, coupled with an ‘assume breach’ mentality, the financial sector can build resilience, and ensure critical systems remain operational and sensitive data protected, regardless of what threats come its way.
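As an added illustration of the segmentation model described in the interview (default-deny between labelled segments, time-boxed grants that expire like a hotel key card), the following is example code written for this page, not Illumio’s product or the interviewee’s code. Hostnames, segment labels, ports and the flow log are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Rule:
    """One explicit allow: src segment -> dst segment on a port, optionally time-boxed."""
    src: str
    dst: str
    port: int
    expires: "datetime | None" = None  # the grant's 'check-out time' in the hotel analogy

class SegmentationPolicy:
    """Default-deny policy: a flow passes only if an explicit, unexpired rule matches."""
    def __init__(self, labels: dict, rules: list):
        self.labels = labels  # hostname -> segment label (constructed inventory)
        self.rules = rules

    def is_allowed(self, src_host, dst_host, port, now):
        src = self.labels.get(src_host, "unknown")
        dst = self.labels.get(dst_host, "unknown")
        for r in self.rules:
            if (r.src, r.dst, r.port) == (src, dst, port):
                return r.expires is None or now < r.expires
        return False  # no matching rule: denied, as are unlabelled workloads

    def review(self, flows, now):
        """Return the flows the policy would block, i.e. candidate lateral movement."""
        return [f for f in flows if not self.is_allowed(f[0], f[1], f[2], now)]

# Constructed inventory, rules and flow log; hostnames and labels are hypothetical.
LABELS = {"web-01": "web", "api-01": "app", "db-01": "core-ledger", "laptop-7": "endpoint"}
CHECKOUT = datetime(2024, 1, 1, 11, 0, tzinfo=timezone.utc)
RULES = [
    Rule("web", "app", 8443),
    Rule("app", "core-ledger", 5432),
    Rule("endpoint", "core-ledger", 5432, expires=CHECKOUT),  # temporary admin grant
]
FLOWS = [
    ("web-01", "api-01", 8443),
    ("api-01", "db-01", 5432),
    ("web-01", "db-01", 5432),    # web tier reaching the ledger directly: blocked
    ("laptop-7", "db-01", 5432),  # allowed before 11:00, blocked after
    ("laptop-7", "api-01", 22),   # no rule at all: blocked
]
BEFORE_CHECKOUT = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
AFTER_CHECKOUT = datetime(2024, 1, 1, 11, 30, tzinfo=timezone.utc)

def blocked_flows(now=AFTER_CHECKOUT):
    return SegmentationPolicy(LABELS, RULES).review(FLOWS, now)
```

Anything `blocked_flows` returns is a flow that an explicit rule never permitted, which is the signal a monitoring team would alert on under an ‘assume breach’ posture.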

