Authored by: David Sajoto, Vice President, Asia Pacific & Japan, ExtraHop
Cybercriminals are taking advantage of vulnerable supply chains, digital transformation efforts, distributed operations, and the upheaval of the COVID-19 pandemic to increase attacks on financial services institutions and their providers. Recent exploits have shown that sophisticated attackers will find a way into the networks of financial services as well as complex and hybrid computing infrastructures. The basic lack of visibility makes detection of nefarious activity within the network more difficult.
Crucial, yet under attack
Those tasked with protecting the financial services industry, including its intellectual property and its customer data and privacy, have an important and difficult job. The work-from-home and other operational challenges brought about by the pandemic have led to an increase in both attempted and successful cyberattacks.
As a storehouse of confidential information with direct access to monetary funds, the financial services industry is one of the most frequently attacked. Financial institutions in Asia specifically are at greater risk: according to Marsh and McLennan's research, cybercriminals are 80% more likely to prey on organisations in Asia than on those in other regions.
The fight against cybercrime - Is it enough?
Deloitte states that the financial services industry spends, on average, 10% of its IT budget on cybersecurity. In comparison, retail and wholesale services spend roughly 6.1% of IT budgets on security. Despite having a high level of investment, 65% of large financial services firms reported suffering a security incident in 2020.
Cybercriminals are taking advantage of an industry that is busily reconfiguring vulnerable supply chains as it works towards offering more digital experiences. According to the 2020 Verizon DBIR, 64% of the attacks in this sector are perpetrated by external actors who exfiltrate and monetise stolen data, while 35% are credited to insider attacks and errors (18% and 9%, respectively).
It is clear that even as financial institutions continue to transform their digital landscapes, security and risk teams must move beyond compliance checkboxes, learning to assess how they can use these network changes to their advantage.
Complex and hybrid computing infrastructures make detection of nefarious activity within the network more difficult because of a basic lack of visibility. Add in the ever-increasing numbers of unmanaged devices, Bring Your Own Device (BYOD) endpoints and IoT devices, as well as the transition to remote work in 2020, and network security has grown increasingly complicated. Recent exploits have also shown us that once inside, attackers have free rein and virtually unlimited time to move laterally, undetected, escalating privileges until they reach their desired target. The larger the network, the harder it becomes to detect threats within it.
Network Security - The answer is within the network
There are three core elements that empower security teams at financial institutions to stop threats once they are inside the network: visibility, real-time threat detection, and the ability to perform both proactive and retrospective investigations.
Complete visibility starts with a real-time understanding of everything that is connecting to the network, including unmanaged IoT devices. It is not just about knowing that an asset exists. One needs to understand its intended function and how it should behave on the network, including who and what it is allowed to talk to. Next is directional visibility: east-west traffic inside the organisation as well as north-south traffic into and out of it.
Real-Time Threat Detection
Machine learning offers the opportunity to understand normal behaviour and detect unusual activity on a hybrid network. Detecting threats in real time is not just about one event; you need the context and correlation of every related activity inside the network to identify and stop malicious behaviour.
Investigation & Response
An analyst's time needs to be spent on the alerts that matter most, not on chasing false positives. Having the right data, context for insights, and intuitive workflows can speed up investigations and stop advanced threats faster. Investigating whether a company has been impacted by a vulnerability requires not only present data but historical data as well.
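The three elements above (an asset inventory with expected behaviour and directional visibility, baseline-based detection of unusual activity, and retrospective lookups over historical data) can be shown concretely on flow records. The script below is an added illustration written for this page, not ExtraHop's code or any NDR product's logic. Everything in it is an assumption: the internal ranges in INTERNAL_NETS, the constructed FLOWS records (external addresses come from the RFC 5737 documentation ranges), the hypothetical ASSET_POLICY for an unmanaged HVAC controller, and the helper functions themselves. It uses only the Python standard library.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges treated as "inside" the organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample flow records: (day, src_ip, dst_ip, dst_port).
# Days 1-3 are the learning period; day 4 holds the activity to assess.
FLOWS = [
    ("day1", "10.0.5.40", "10.0.9.5", 443),       # HVAC controller -> its management server
    ("day2", "10.0.5.40", "10.0.9.5", 443),
    ("day1", "10.0.5.20", "10.0.5.10", 445),      # workstation -> file server (SMB)
    ("day2", "10.0.5.20", "10.0.5.10", 445),
    ("day3", "10.0.5.20", "10.0.5.10", 445),
    ("day3", "10.0.5.20", "203.0.113.7", 443),    # workstation -> internet (documentation range)
    ("day4", "10.0.5.40", "10.0.5.10", 445),      # new: HVAC controller speaks SMB to the file server
    ("day4", "10.0.5.20", "10.0.5.10", 445),      # business as usual
    ("day4", "10.0.5.20", "198.51.100.9", 8443),  # new outbound peer for the workstation
]

# Hypothetical asset policy: what an unmanaged device is for and who it may talk to.
ASSET_POLICY = {
    "10.0.5.40": {"role": "hvac-controller", "allowed_peers": {("10.0.9.5", 443)}},
}


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src: str, dst: str) -> str:
    """Classify a flow as east-west (inside to inside) or north-south (crossing the edge)."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "east-west"
    if s:
        return "north-south (outbound)"
    if d:
        return "north-south (inbound)"
    return "external"


def learn_baseline(flows, learning_days):
    """Record every (peer, port) each internal source was seen talking to during the learning period."""
    base = defaultdict(set)
    for day, src, dst, port in flows:
        if day in learning_days and is_internal(src):
            base[src].add((dst, port))
    return base


def assess(flows, baseline, policy, day):
    """Findings for one day's flows: policy violations first, then departures from the learned baseline."""
    findings = []
    for d, src, dst, port in flows:
        if d != day or not is_internal(src):
            continue
        peer = (dst, port)
        where = direction(src, dst)
        if src in policy and peer not in policy[src]["allowed_peers"]:
            findings.append((src, f"policy violation: {policy[src]['role']} contacted {dst}:{port} ({where})"))
        elif peer not in baseline.get(src, set()):
            findings.append((src, f"new peer: {dst}:{port} ({where})"))
    return findings


def who_talked_to(flows, indicator):
    """Retrospective lookup: which internal assets ever contacted this address, and on which days."""
    hits = defaultdict(list)
    for day, src, dst, port in flows:
        if dst == indicator and is_internal(src):
            hits[src].append(day)
    return dict(hits)


if __name__ == "__main__":
    base = learn_baseline(FLOWS, {"day1", "day2", "day3"})
    for asset, message in assess(FLOWS, base, ASSET_POLICY, "day4"):
        print(asset, message)
    print(who_talked_to(FLOWS, "203.0.113.7"))
```

The policy check fires before the baseline check on purpose: a device whose intended function is known should be judged against that function rather than against whatever it happened to do during the learning window, which is where an attacker who arrived early would otherwise blend in. The retrospective lookup is what answers the "have we been affected" question once an address becomes an indicator after the fact, and it only works if flow history was kept.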
Bringing it all together
As the sector that is 80% more likely to experience a cyberattack, the financial services sector urgently needs a protective layer that keeps potential breaches from spreading through its network. Network detection and response (NDR) is uniquely suited to stop threats once an attacker is inside the network. Continuous monitoring detects an intrusion as early as possible and is invisible to attackers. NDR can detect both known and unknown attacks, and presents a trusted source of truth: if the system says it happened, it happened. Using machine learning, NDR solutions learn the network and how it should behave, and respond when they recognise something out of the ordinary, helping financial services with the daunting job of protecting their intellectual property, customer data and privacy.