Three areas of focus for Financial Service CISOs in 2022

By James Mingard, Head of Retail & Finance at Maintel

Research suggests there has been a 1,300% increase in ransomware attacks on financial institutions, with the National Cyber Security Centre (NCSC) reporting that over a third of financial services firms were hit by ransomware in the last year – with attacks costing an average of $2.1 million.

Such weaponry is easily accessible to even the most junior of cybercriminals, who can engage underground ransomware-as-a-service almost as easily as any everyday SaaS solution. As such, there are thousands of computers scanning every internet-connected machine for vulnerabilities, and too often, they are easily found. For example, in March 2021, Microsoft revealed the exploitation of ‘zero-day’ vulnerabilities in its popular Exchange software, which could be used as a cypher for ransomware. The bottom line is that no organisation is safe.

With the pandemic only increasing the number of attacks levelled at financial services, this year must see cyber threat mitigation rise to the top of board priorities – not just in terms of the potential for financial loss. In the event of an attack, the Chief Information Security Officer (CISO) will have to answer for the loss of productivity, reputation and growing consumer concern around data privacy and the raft of laws that now govern this. There are three focus points CISOs will need to consider to ensure minimal risk and maximum preparedness in 2022.

1 – Zero compromise on Zero Trust

If they haven’t already, CISOs must adopt a Zero Trust mantra and instil this across the organisation. As PwC puts it, ‘Start by assuming that your users are already compromised’. Least-privilege access combined with behaviour monitoring must become ubiquitous, with NCSC urging companies to choose services designed for zero trust. New services such as PAM – Privileged Access Management – will be increasingly integrated into Zero Trust solutions, where user credentials and privileges are finely honed, controlled, and audited.

2 – Meet ‘Anywhere working’ with xDR

With the new ‘office anywhere’ working model, Endpoint Detect and Respond, which brings enormous value, must now evolve to support and secure the hybrid workforce. The evolution of the wider network fabric means that next-level eXtended Detect and Respond (XDR) solutions are really the only option. XDR is no longer a buzzword. As Forrester analyst Allie Mellen explains:

‘The evolution of EDR, optimises threat detection, investigation, response, and hunting in real-time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.’

XDR’s multi-layered approach, which crucially avoids siloing, has the potential to match the multi-faceted, ever-more creative attacks launched by bad actors. It is a way to uncover the unknown gaps waiting to be exploited, and new gaps brought about by new working cultures. As highlighted by the Enterprise Strategy Group, 70% of organisations reported to them that an XDR budget would be set aside within the next 12 months. Nearly one-fifth reported an existing XDR project — for example, integrating EDR and network detection and response tools. It’s clear. XDR isn’t a passing fad, it’s not even the future. It’s the solution needed here and now.

3 – The rise of the ‘R’ 

Of course, approaches like XDR will continue to use novel applications of AI and ML to improve detection accuracy and provide a faster, more efficient incident response. The rise of the ‘R’, or Respond, will be a key differentiator and, as the liabilities grow, being able to react to IOCs – Indicators of Compromise – could mean success or failure. As research published in the Journal of Cybersecurity and Privacy explored, ‘traditional indicators of compromise may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts’.
