Given this issue, which businesses face around the world, it comes as no surprise that most firms have increased their investment in cybersecurity in recent years. According to research conducted by Deloitte, financial firms spend an average of 10 per cent of their IT budgets on security. Yet, despite this high level of investment, 65 per cent of firms reported suffering a security incident during 2020.
The ability to respond
The security capability of any financial services firm depends on how equipped it is to respond to vulnerabilities and attacks both at the edge of, and inside, its network. Smaller organisations, such as regional banks and credit unions, tend to have a lower level of cybersecurity investment and management. This lack of resources can place them at higher risk as attackers see them as low-hanging fruit.
At the same time, larger financial organisations, such as insurance companies and multinational banks, are likely to have greater funding and larger IT and security teams which typically enables them to better defend against attacks.
However, this isn’t always the case. Despite posing a greater challenge for attackers, larger organisations hold more data, resources, and revenue, which makes them attractive targets. Investing more in defences raises the bar for attackers, but risk still remains.
Supply chain challenges
Another security threat facing Australia’s financial services sector, and one currently receiving considerable attention, is supply chain attacks.
The complexity of modern software makes ensuring it’s secure at all times an ongoing challenge. This was highlighted during the recent SolarWinds supply chain attack when malicious code was introduced into software used by some of the world’s largest companies.
The attack was successful because the complex IT infrastructures that exist within many firms make detection of criminal activity within networks difficult. Add in the ever-increasing numbers of unmanaged devices and network security becomes even more complicated.
Such recent exploits have also shown that once inside, attackers often have free rein and virtually unlimited time to move laterally and remain undetected as they escalate privileges until they reach their desired target.
The reasons behind why security incidents are still so rampant, despite increased spending, are incredibly complex. Cyber criminals are taking advantage of an industry that is digitising its services while coping with a predominantly work-from-home workforce. Security and risk teams need to move beyond simple compliance checks and learn how they can use these big changes to their advantage.
Achieving comprehensive network visibility begins with a complete understanding of everything that is connecting to that network. It is not enough to know that an asset exists; one must also understand its intended function and how it should behave.
Directional visibility is another key component. This covers both the east-west traffic inside the organisation, as well as the north-south traffic into and out of it.
The detection of threats can be turbocharged with the introduction of machine learning and artificial intelligence tools. These can monitor traffic and alert security teams if unusual activity is detected.
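As an added illustration of the two ideas above (directional visibility and flagging behaviour that departs from an asset's intended function), the following Python sketch is not ExtraHop code and is not from the original article. It assumes a hypothetical asset inventory, constructed sample flow records, and RFC 1918 ranges as the definition of "internal"; a coarse fan-out rule stands in for the machine-learning detection the text describes.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical asset inventory: each asset's intended function and the
# destination ports it is expected to initiate connections to.
INVENTORY = {
    "10.0.1.10": {"role": "web-server", "expected_ports": {3306}},
    "10.0.2.25": {"role": "workstation", "expected_ports": {80, 443}},
}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def direction(src, dst):
    """Label a flow east-west (inside the network) or north-south (crossing its edge)."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def find_anomalies(flows, inventory=INVENTORY, fanout_threshold=3):
    """flows: iterable of (src_ip, dst_ip, dst_port) for connections initiated by src.
    Returns alert strings for (1) an inventoried asset using a port outside its
    intended function and (2) an internal host fanning out east-west on one port
    to many peers, a simple lateral-movement signal."""
    alerts = []
    peers = defaultdict(set)  # (src, port) -> internal destinations reached
    for src, dst, port in flows:
        d = direction(src, dst)
        profile = inventory.get(src)
        if profile and port not in profile["expected_ports"]:
            alerts.append(f"{src} ({profile['role']}) made {d} connection to {dst}:{port} outside its profile")
        if d == "east-west":
            peers[(src, port)].add(dst)
    for (src, port), dsts in peers.items():
        if len(dsts) >= fanout_threshold:
            alerts.append(f"{src} reached {len(dsts)} internal hosts on port {port}: possible lateral movement")
    return alerts

# Constructed sample flows: web server to its database (expected), a workstation
# browsing (expected), then that workstation probing SMB on several internal hosts.
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.3.5", 3306),
    ("10.0.2.25", "203.0.113.7", 443),
    ("10.0.2.25", "10.0.3.1", 445),
    ("10.0.2.25", "10.0.3.2", 445),
    ("10.0.2.25", "10.0.3.3", 445),
]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_FLOWS):
        print(alert)
```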
Investing in resources that provide effective investigation and response is also very important. Having the right data, context for insights, and intuitive workflows can improve security investigations and stop advanced threats faster.
Network detection and response (NDR) is a great way for finance firms to stop threats once an attacker has gained access to a network, as continuous monitoring can rapidly detect an intrusion while remaining invisible to attackers. NDR can detect both known and unknown attacks and presents a trusted source of truth. Security teams can be confident that, if their NDR tools say an event has occurred, it has actually occurred.
For financial services firms, data and privacy breaches have the potential to cause catastrophic financial and reputational damage. For this reason, limiting damages and avoiding regulatory fines requires a strategy that includes monitoring network data.
While the network will never be completely impenetrable, the opportunity to stop a breach lies in the ability to detect threats before they cause damage or loss.
Glen Maloney, ANZ regional sales manager, ExtraHop