How Financial Institutions Can Address Their Top Cybersecurity Challenges

Uploaded on 2023-12-19 in FREE TO VIEW, BUSINESS-Services-Financial

Financial institutions are a top focus for cybercriminals for obvious reasons, including the value of the information they hold, and the opportunities bad actors see for large payouts.

According to Verizon’s Data Breach Investigations Report, the financial sector is consistently among the most targeted industries, and the rate of attacks is growing. Banks saw a 238% increase in attacks for 2022 alone. The average data breach in the financial sector costs $5.9 million, which trails only the healthcare sector in average cost, according to IBM’s Cost of a Data Breach Report 2023.

While the industry has made significant strides with cybersecurity, there are countless factors that still make banks and financial institutions attractive targets.

The Challenges Of Protecting Financial Data

Several issues contribute to the difficulties financial institutions face in protecting their assets. One of the most significant is the complexity of the business environment, especially for larger institutions that have undergone mergers and acquisitions. Connecting legacy networks and applications can result in misconfigurations introducing vulnerabilities that provide hackers easy entry.

Financial institutions, like many businesses, also have a more distributed workforce in the wake of the pandemic. As a result, they have had to integrate greater uses of cloud and mobile computing which increases the attack surface. And, despite the implementation of modern, outward-facing applications, it’s not uncommon for banks to have 50-year-old applications  - written in COBOL - running on the back end that are long past the point of being supported. These applications can become risky from a security perspective, but often do not make financial or operational sense to update.

Despite all these risks, most attacks hinge on the human element in the form of identities on the network. Active Directory and the Importance of Identities. User identities play a big part in many cyberattacks, whether breaches result from insider actions, external attacks, or the involvement of third-party partners.

When it comes to identity threats, a malicious insider can cause extensive damage. The most notable example being the 2019 Capital One hack. Almost four years later this particular hack is still widely recognised as one of the greatest insider threats to date. A single insider was responsible for the theft of 100 million customer records, 140,000 Social Security numbers and 80,000 bank details of customers. And a credential compromise from outside an organisation is really just another type of insider threat. Once external attackers gain access by stealing credentials, they operate like a trusted insider.

Third-party risk can also cause severe damage. Most financial institutions have dozens to hundreds of vendors, service providers, and other partners connected to their network. For savvy hackers, a breach in a third-party system can create the perfect jumping off point to enter financial environments.

What's the one similarity these attacks share? The most common avenue for these breaches is Active Directory (AD).

When someone asked Willie Sutton why he robbed banks, he replied, “Because that’s where the money is.” So, why do cybercriminals attack Active Directory? Because that’s where the privileged access is. AD is so tightly woven into most organisations that it’s involved in 9 out of 10 cyberattacks. Microsoft estimates threat actors attack 95 million AD accounts each day, and that’s on the conservative side.

Whether an attacker gains access through phishing or other means, moving to an identity-rich area like Active Directory can allow them to elevate privileges, move across networks, and steal data or launch ransomware attacks. These types of attacks can bring banks and other financial service operations to a halt, preventing access to funds, leaking customer data and causing brand damage.

Breach Preparedness & Other Best Practices

To better protect their data, banks and financial institutions should start with prioritising their risk. They need to accept that breaches will happen, so they must identify their highest-priority assets - those that would cause the most damage if compromised - and the vulnerabilities of those assets.

Breach preparedness begins with an assessment of AD security, along with reviews of an organisation’s security architecture, operational procedures and security configurations. This allows security teams to identify attack paths and develop plans for response and remediation. With thorough assessments of the environment, organisations can develop threat mitigation plans to reduce the attack surface, optimise security configurations and create a thoughtful plan for recovering from an attack that reduces downtime and disruption.

Continually monitoring user identities is also very important. If a lower-level employee suddenly has elevated privileges, is accessing sensitive data they shouldn’t be reviewing, or is operating at odd hours and not performing regular business tasks, there’s a chance their identity is compromised.

Finally, planning should have a human element, in the form of recruiting and retaining security personnel and educating users. Banks and financial institutions must attract and retain knowledgeable security practitioners, which is easier for large institutions to afford. But in organisations of any size, security is a small part of the business. Financial institutions still have hordes of people with limited knowledge of security who are accessing systems and handling sensitive data. As such, employee training and security awareness is essential, especially with an increasing number of remote workers.

The Future Of Financial Sector Security

With the pace and sophistication of attacks on the rise, institutions need to gain visibility into their environments, get control of user identities and develop clear plans for breach preparedness, response and recovery.

Looking forward, financial institutions will also have to confront the risks associated with new threats and challenges with cryptocurrency. As with all forms of security, it comes down to mastering the fundamentals of gaining visibility into and control over the enterprise. 

 Igor Baikalov is Chief Scientist at Semperis

Image: Simon Kadula

You Might Also Read: 

Operational Resilience: More Than Disaster Recovery:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Five Tips for Securing Your CI/CD Pipeline
Britain Removes Chinese Components From The National Grid »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.

RedLattice

RedLattice

RedLattice are at the cutting edge of tool development and AI-assisted vulnerability research in cybersecurity.