By Craig Wellman, Director, Financial Services, Microsoft
As our lives were turned upside-down by the pandemic, cybercriminals acted quickly to exploit the chaos and confusion. Equipped with an emboldened cybercrime economy, attackers have been relentless in their pursuit of personal gain and distribution, demonstrating a willingness to take advantage of a global crisis and use the vulnerability of others to their advantage.
This saw attackers focus on critical infrastructure in attempts to cause maximum disruption and, in turn, access lucrative rewards. In fact, recent research placed the average cost of a ransomware attack on financial services organisations at £1.44mn, despite the industry being one of the most resilient to attacks. With attackers taking this as their approach and ambition, it is no surprise that the financial services industry was a top target of cybercriminals through this period, alongside healthcare and the energy sector.
In fact, the latest Microsoft Digital Defence Report showed that the financial services industry was the second most targeted sector by ransomware through the pandemic, ahead of government, healthcare and education – coming second only to the broad consumer and retail industries.
The security landscape for financial services:
As cybercriminals expanded their arsenal through the pandemic, so too did the organisations defending against their attacks. Alongside the accelerated use of technology to enable remote working came the use of associated security tools and a heightened awareness of the security risks of remote working. However, as we emerged from periods of near-universal home working, new challenges and demands emerged.
A shift from working at the kitchen table five days a week, the new hybrid workplace sees every employee working to their own rhythms – with each individual switching day to day from working in the office, from home, from coffee shops or taking calls on the go.
While supporting newfound freedoms and flexibility for employees, this does create a much more complex environment for security professionals in the industry. Many of these new challenges come from the conflict between keeping valuable data safe and supporting employees to access the information they need efficiently from wherever they may be, which is critical to success in the modern financial services industry.
Working in this complex environment, and fending off an increasingly sophisticated opponent, how can the industry stay ahead and keep its data safe? From our work with customers spanning the financial services industry and others, we’ve found that organisations that stick to the following four steps stand the best chance of ensuring the protection of their data.
1 – Get the fundamentals right
While it is certainly true that cybercrime has become more sophisticated over time, attackers are still using tried and tested methods to gain initial access to your environment. For example, over 70% of ransomware attacks started with phishing or password sprays, serving as a reminder that maintaining high security awareness in your organisation, persisting with phishing training and building rigorous authentication policies are as critical as ever.
In fact, organisations that maintain the fundamentals of security hygiene are protected from 98% of attacks, with much of this work requiring little other than consistency and persistence. Security hygiene, as the name implies, is the hand gel and facemasks of information security – constituting multifactor authentication, keeping on top of software updates and applying least privileged access within a network along with a few other routine requirements.
2 – Act as if you’ve been attacked
With attackers deploying increasingly sophisticated tools once they gain access to a network, organisations can depend less and less on their reactive response to a breach. Instead, organisations that take a proactive, zero trust approach are best positioned to contain and reduce the cost of a breach or malware attack. In practice, this means taking a lean approach to information access: providing access only to those employees who absolutely need it, and only at the times they need it.
As well as containing more sophisticated attacks, this approach is critical to reducing another threat we have seen spike through the pandemic – insider risk. Knowingly or not, employees are posing an increased security risk to organisations, particularly as they are now accessing sensitive data away from the office and in a range of environments. Restricting their access to the information they need minimises the risk should an employee accidentally, or purposefully, leak information or data.
3 – Utilise the latest tools and technologies to stay ahead
Thankfully, as cybercriminals have become more sophisticated, so too have the tools and technologies we can use to defend against their attacks. Machine learning based tools can be used to automatically pinpoint anomalous activity and speed up a response to issues, while analytics tools can help security professionals more effectively identify which of the many alerts they receive should be responded to. These tools are most effective when packaged alongside the layered security and multi-factor authentication capabilities supported by the cloud, which come alongside solutions such as Microsoft’s Cloud for Financial Services. Such technologies can deliver on the promises of just-in-time and just-enough approaches to security, while using the power of the cloud to help the industry make use of the vast data sets it has available and enable employees to access the information they need wherever and whenever they wish.
4 – Collaborate inside and outside of the industry
A disparate, loose network of malicious actors has rapidly become an organised cybercrime economy over the pandemic. It would be unreasonable to expect an individual organisation to combat this threat alone. Thankfully, there is a range of organisations spanning government and the private sector that are ready and able to help the industry protect its data and respond to live threats. No longer exclusive to major financial institutions, these partnerships and the tools they provide are available to organisations of any size. For example, UK-based start-up Allica Bank used the Microsoft Cloud to establish its bank within a year. These technologies helped it establish “best-in-class” levels of security as soon as it opened, and as they are based in the cloud, these solutions will scale with Allica Bank as it grows.
It’s also critical to use the external support available if something does go wrong. Alongside your technology providers, UK organisations can receive support and guidance from the National Cyber Security Centre, who can deliver critical, external guidance if your organisation does fall victim to an attack.
As the industry progresses into 2022, the risk posed by cybercrime is only set to increase, as are the demands on the industry to innovate at pace and scale, utilising data and information to do so. It is critical that the industry puts strong security hygiene measures and rigorous data governance front of mind, while also understanding which technologies and partnerships can help them fend off the organised and sophisticated threats that are set to emerge in the years ahead.