Effective threat intelligence for the financial sector
Financial sector CISOs and security teams face a tough challenge. They need to keep the organization safe from the huge volume of indiscriminate threats that are unfortunately the price of doing business on the internet today. But they must also ensure they’re as resilient as possible to targeted, sophisticated attacks. The GDPR has just added yet another compliance hurdle for the already highly regulated financial sector, while new European open banking rules (PSD2) will increase competition and potentially risk as greater data sharing becomes mandatory.
To regain the initiative, security chiefs in the financial sector are looking to threat intelligence (TI) to help their organization spot and disrupt attacks quicker than before, protecting the bottom line and corporate reputation. But knowing what kind of platform to choose can be a challenge.
Financial sector under fire
Today’s financial services sector is a potent mix of fintech innovators and traditional institutions. Increasingly both old and new are being forced to collaborate, thanks to new regulations designed to level the playing field. Yet whatever the type of organization, large or small, the threats remain the same.
Customer data is the main prize for most online attackers. Financial companies obviously hold a wealth of highly sensitive and lucrative data, including bank account and payment card information. That might be why global breaches in the sector tripled between 2012 and 2017. What’s more, the average cost of cybercrime increased by over 40%, from $13m per firm in 2014 to $18m in 2017. By contrast, the average cost per firm for other sectors is just under $12m.
It’s not only customer data that’s at risk. Some of the most sophisticated attacks ever seen on organizations have been targeted at banks. Most notable are those carried out by the infamous Carbanak gang, which has been able to hack institutions to make large unauthorized fund transfers and effect ATM jackpotting pay-outs. Also notable was the $81 million cyber heist at the Bangladesh Bank, another sophisticated attack which hijacked internal processes to divert funds via SWIFT.
Cyber risk can also stem from insecure development practices. In many fintech firms, the focus is on fast time-to-market and usability, rather than security. This can lead to mistakes being made which hackers can exploit. One report claims that some of the world’s top trading apps are full of security flaws.
Many of the world’s most recognizable brands are banks and financial institutions, so it’s no surprise that financial services is also one of the most phished sectors. Customers are repeatedly asked for personal details, including online banking log-ins, to help fraudsters crack accounts and commit identity fraud. Phishing emails could also download banking trojans or other info-stealing malware. One vendor blocked 137 million phishing attacks in Q3 2018 alone, a 28% increase on the previous quarter.
Invest in the best
For financial sector CISOs and security teams faced with this online onslaught, TI is an increasingly attractive option. Yet with so much choice on the market, it pays to research exactly what the options are and which is the best fit for your organization. You need to consider your specific requirements: who will use the tool in your company? It will help to have customizable reports and dashboards based on role. Is pricing flexible enough to suit your organization? Does it integrate neatly into existing tools so that you can feed threat data directly into firewalls, IDS, etc., to build resilience into your infrastructure?
Also consider how TI is delivered to your users. Unmanaged threat feeds can be unhelpful and cause teams to miss alerts. Similarly, high-level contextualized reports take time to compile and are useful only for longer-term strategic planning. Many organizations will prefer platforms which not only consolidate, process and enrich multiple data feeds, but also offer bespoke features to add further value. They may integrate seamlessly with your existing tools via APIs, for example, and/or offer modular “pay as you need” functionality in a range of areas.
Most important to remember is the quality of your threat data. It must be as fresh as possible, obtained from as broad a range of reliable machine- and human-generated sources as possible, and both actionable and targeted. Intelligence on a phishing or banking trojan campaign targeting other financial institutions in the same region, for example, can provide vital early warning that possible threats are on their way.
The good news is that with the right TI in place, you’ll be in a fantastic position. Not only will it help you to patch vulnerabilities, tweak firewalls and make other alterations to improve your IT resilience to threats in the wild, but it will allow you to respond quicker to attacks. The faster organizations can do this, the better chance they have of minimizing the financial and reputational fallout, for example, by promptly cancelling cards that have been stolen and found up for sale on the dark web.
That’s good news for your GDPR and regulatory compliance efforts, as well as the future success of ongoing digital transformation plans.