With many finance and banking organisations exploring options for long-term hybrid working, IT leaders battling rising cybercrime are all too aware of the increased security risks associated with new working models. Rob Smith, CTO at award-winning cloud services provider Creative ITC, explains how to build a stronger, futureproof security posture.
Following pandemic-driven lockdowns, firms across the financial services industry are looking at ways to mitigate the IT hazards associated with the possible shift to long-term remote and hybrid working. Business and IT leaders and regulatory bodies are having to re-evaluate risk management and the importance of staff wellbeing.
Balancing increasing demands for remote working with mounting cyber risk is no easy task. Ever more complex IT infrastructures present a widening attack surface that now combines corporate networks with home devices. Over half of security leaders (52%) admit they’re feeling challenged to protect remote workers’ devices, and cyber risk is snowballing as criminals exploit finance employees as the weakest link in a company’s defences. As ransomware and phishing attacks soar, an estimated 95% of security issues are the result of workers allowing a breach. It’s no wonder that many security professionals are thinking about resigning due to increasing pressures.
Fail to prepare, prepare to fail
A recent survey confirmed that many IT security teams feel under-resourced and ill-equipped to fend off cyber attacks. Stretched in-house teams often don’t have security specialists with the right skills available 24/7. Organisational priorities and IT investment may have been focused elsewhere, leaving chinks in their corporate armour such as weak password management, irregular patching and unclear threat handling processes.
Many organisations have sought to boost defences by adding more tools to aid threat detection and response. Yet breaches still occur – often the problem is not that a tool failed to raise an alert, but that the alert was missed or ignored.
Two in five UK IT teams say they are overwhelmed by security alerts and over a quarter (27%) don’t feel equipped to spot a cyber threat. Worryingly, almost a third of security professionals (30%) admit to not knowing how to use their organisation’s security tools effectively. Worse still, over half (55%) have ignored an identified cybersecurity issue to attend to other business activities.
Tools alone are clearly not enough. For financial organisations to get on the front foot in the battle against cyber criminals, a different mindset is required. Instead of adding further tools and complexity, firms need to build security operations that empower cybersecurity experts to lead response.
Although banks and financial organisations often use in-house teams for all their IT operations, many struggle to afford highly trained cybersecurity experts to ensure round-the-clock protection. Traditional security tools like Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems can produce excessive noise from false positives and leave security blind spots, making it difficult for internal teams to identify and resolve threats. These limited resources and tools can be easily overwhelmed by today’s sophisticated cybercriminals, putting organisations at huge financial, operational and reputational risk.
To meet the challenges of today’s evolving hybrid environment, finance and banking organisations are starting to take a fresh approach.
A more robust security posture
Managed security operations from strategic security partners enable finance firms to boost internal teams and ensure a more robust, proactive security posture. Security Operations Centre as-a-Service (SOCaaS) solutions combine the latest technologies with 24/7 human expertise to provide firms with an immediate tactical response to threats, and expert-led strategic learning to strengthen resilience over time.
- Rapid response
It’s well known that speed is of the essence when responding to a breach. Seek out a provider with proven abilities to detect real threats and act upon them immediately. A proactive frontline team armed with the latest cloud-native technologies can enhance an organisation’s own threat detection and response capabilities. Look for a SOCaaS provider with a dedicated team of highly trained experts available round the clock to react fast to threats and work until an incident is resolved.
- Strategic improvements
Good SOCaaS partners will also help to improve your security operations over the long term. After an incident, your managed service provider (MSP) should help you better understand its strategic implications, working with your in-house team to identify areas of improvement and support remediation efforts.
If hybrid and remote working models are to be viable long-term for finance and banking businesses, organisations must re-think traditional approaches to cybersecurity. A new breed of strategic security partners has emerged who can help firms comply with evolving operational and regulatory requirements, bringing new abilities to detect and resolve threats more quickly across their entire IT infrastructure, however complex. SOCaaS makes it fast, easy and cost-effective for finance firms of any size to deploy world-class, sustainable security operations. Leveraging the latest technologies and human expertise, SOCaaS providers will also add strategic value, helping banks and finance firms to develop a more robust and proactive long-term security posture.