By Martin Riley, Director of Managed Security Services at Bridewell Consulting
No other sector is more data-driven, digitised, or more attractive to cyber criminals than the financial services sector. In fact, research shows that banking and financial institutes are 300 times more at risk of cyber attacks than other companies.
But as the finance sector undergoes major digital and infrastructure transformation and technologies like cloud and blockchain become more commonplace, security risks are changing. Modern cyber security measures and tools are no longer sufficient: organisations must adopt a proactive and intelligent approach to cyber security that is underpinned by modern services such as Managed Detection and Response (MDR).
Today, with European regulators warning banks of potential cyber attacks at the hands of the Russian government or its proxies, organisations must protect themselves against a diverse and escalating range of threats. So, how can financial services companies stay one step ahead of threat actors without compromising the digital agility that customers and partners expect?
A prime target: emerging risks facing the finance sector
Financial institutions are no strangers to cyber threats. As both a vital component of the nation’s critical infrastructure and a treasure trove of sensitive data and financial capital, the sector is naturally a lucrative target. Although financial services firms already spend three times the amount that non-financial organisations do on cyber security, criminals are becoming increasingly sophisticated in finding and targeting weak points across the finance community.
Ransomware is very much on the rise: a recent report by Sophos indicates that 34% of mid-sized financial services organisations worldwide were hit by ransomware last year. This type of attack, which involves hackers seizing control of data systems before demanding money to give back access, has rapidly evolved from being a malware issue to a highly nuanced and profitable human endeavour. Harnessing the efficiency of automation and living off the land, cyber criminals can disrupt and damage almost all the components in the financial services ecosystem.
The finance sector is also becoming increasingly exposed to phishing scams. According to the APWG, financial services organisations are the target of around 41% of all such attacks, leaving them vulnerable to data breaches and severe reputational damage. And scams are no longer limited to email: this year saw Barclays account holders fall victim to a series of orchestrated social engineering attacks through text messaging and SMS (known as ‘smishing’), resulting in millions of pounds being stolen.
Insider threats are another, often under-addressed, risk within organisations. Whether malicious or accidental, these internal risks are particularly worrisome for the financial services sector due to the easy monetisation of the personal and financial data they hold. The rapid shift to remote working following the pandemic has created additional challenges when attempting to detect such attacks. As such, organisations are a key target for cyber criminals who can either make fraudulent transactions with the sensitive data obtained or sell the information on the black market.
The double-edged sword of digital transformation
Covid-19 has accelerated digital transformation across UK industry, and the finance sector has understood the urgent need to invest in technology to meet customer demands, enhance operational agility, and manage risks and costs.
However, this process inevitably introduces more security risks for financial services organisations as their attack surface broadens. It is even argued that the digital landscape, and the levels of disruption caused by digital transformation, are currently proving far more fast-moving than modern cyber strategies. In other words, new and innovative methods of cyber attack are significantly outpacing regulations, organisational strategies, and governmental policies.
Despite recent digital advances, many banks are still reliant on traditional systems and legacy infrastructure that, without planning and thought, can be exposed by the lack of functionality needed for modern risk and compliance management. Furthermore, digitised functions, such as contactless payment and online banking, have had applications built and developed on top of outdated systems, thereby inadvertently exposing large amounts of the infrastructure. Disjointed systems can severely compromise both the overall security of an IT estate and the organisation’s ability to respond swiftly to any threats.
Aligning digital transformation with security transformation
Cyber crime is quickly displacing conventional crime. As a result, cyber and digital security strategies should be thought of as inseparable, allowing organisations to plan and integrate both into their transformation projects from the very beginning.
Traditionally, senior managers have considered digital transformation and cyber security to be two separate strategies with independent objectives and goals. However, this siloed approach often causes financial services organisations to overlook the security flaws and system weaknesses that come with rapid technological change. Cyber criminals are poised to take advantage of those companies quickly deploying new tools and completing fast upgrades without properly securing systems and defences.
Organisations must therefore take steps to ensure they have a strong cyber security strategy that matches their digital transformation strategy. By identifying any areas where vulnerabilities exist within legacy IT infrastructure, they can introduce a robust security transformation plan that ultimately drives the wider digital transformation of the business. Cyber security should not be approached reactively or as an afterthought: keeping a proactive mindset throughout the digital transformation process is a key part of building and maintaining cyber resilience.
From prevention to response
To counter the growing cyber crime threat, financial institutions need to find ways to alleviate new risks without increasing cost. Therefore, they should start to shift their cyber security focus from prevention to detection, containment and response, underpinned by the right services such as MDR and validating recovery.
IBM’s Cost of a Data Breach Report highlights the significance of being able to effectively detect how and when a cyber breach has taken place and respond accordingly. Companies that take a short-sighted preventative approach and fail to invest in an MDR strategy are typically those that take the longest to discover an attack has taken place.
At its core, an effective MDR strategy consists of threat intelligence, threat hunting and penetration testing, plus deployment and management of security monitoring and incident response. By combining artificial intelligence, automation and human analysis, MDR can provide enhanced visibility over networks and systems, enabling organisations to detect and prevent attacks from happening, whether internal or external.
Implementing an effective MDR strategy
The nerve centre of an MDR service is the modern Security Operations Centre (SOC). However, gleaning true value from a SOC can be complicated, with different approaches including in-house, fully outsourced and hybrid options. Each has benefits, but in today’s evolving threat landscape it is arguably only the hybrid model that can offer the right combination of expertise, responsiveness, flexibility and cost-effectiveness.
A hybrid SOC approach can help develop a reference security architecture that enables organisations to safeguard on-premise systems, cloud-based applications and SaaS solutions. Most importantly, it helps security become an enabler for the business rather than just a reactive response to the damaging impacts of a breach.
The most effective methods of MDR utilise Extended Detection and Response (XDR) technology to enable detection and response capabilities across network, web and email, cloud, endpoint and, most crucially, identity. This ensures that wherever the cyber-attack comes from, users, assets and data remain safeguarded, adding a protective layer to the zero-trust environment and ensuring proactive action against threats. At the same time, choosing a solution that leverages existing investments in Microsoft 365 licensing can enable consolidation and reduce security spend, while increasing coverage and visibility.
Finally, by combining MDR with ethical hacking techniques, such as red teaming, to simulate attacks, financial sector organisations can develop deep insights into any gaps in cyber security strategy. The collaborative process of identifying and closing the gap – which is then validated through retesting – not only removes the risk but also educates teams on a range of cyber security best practice.
Strengthening cyber resilience
Cyber-attack methods and motives will continue to evolve, and financial services organisations will need to stay one step ahead. The only way to improve cyber resilience is to implement a well-considered cyber security strategy centred around MDR: one that not only adheres to the strict compliance and regulatory requirements of the industry, but also improves overall security posture.
However, success will depend on ensuring the organisation has the right processes and people in place to manage new technologies. And with many organisations lacking security professionals with the depth of security knowledge and technical capability to develop the more advanced capabilities required for effective MDR or for running a cloud-native modern SOC, working with a security partner will be critical.
By partnering with a trusted and experienced team of experts, organisations can benefit from an agile end-to-end solution to secure data and build all-important consumer trust. In today’s shifting and increasingly volatile cyber landscape, it will be those organisations that adopt a proactive approach to security operations and implement a robust cyber security transformation process that will reap the benefits of a stronger, more structured IT estate.