Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > Applying Active Defense to Strengthen FSI Security

Applying Active Defense to Strengthen FSI Security

Published by linker 5

Posted on February 4, 2021

5 min read

Last updated: January 21, 2026

graphicstock-successful-young-businessman-shows-the-screen-of-the-tablet-with-key-to-success-symbo_SO4ZYwowxjx

What financial services organizations can learn from the government sector

By Ofer Israeli, CEO and founder, Illusive Networks

It seems like no matter what organizations do to protect their networks, cybercriminals are at least one step ahead – and breaches continue to occur. The standard cybersecurity paradigm is reactive and passive, but with today’s attacks having such long dwell times and the potential for such significant damage, IT teams need a more active defense stance. The federally funded not-for-profit, MITRE, has taken this position with the introduction of its Shield framework. Any strategy to defeat cybercrime must include active defense.

MITRE wrote this framework with government agencies in mind, but its principles translate well to the world of financial services. IT teams that know the latest strategies and recommendations put their companies in a strong position to remain secure.

Why MITRE Shield is important

MITRE’s Shield is an active defense knowledge base developed from over a decade’s worth of enemy engagement. With it, MITRE is trying to gather and organize what it has been learning with respect to active defense and adversary engagement. This information ranges from “high-level, CISO-ready considerations of opportunities and objectives to practitioner-friendly discussions of the tactics, techniques and procedures (TTPs) available to defenders.” The goal is for Shield to encourage discussion around active defense.

Understanding active defense

Financial institutions need every advantage to keep their highly valuable, in-demand data secure. Active defense involves using limited offensive action and counterattacks to prevent an adversary from taking digital territory or assets. Active defense covers a myriad of activities, including engaging the adversary, basic cyber defensive capabilities and cyber deception. Taken together, these activities enable IT teams to stop current attacks as well as get more insight into the attacker. Then they can prepare more thoroughly for future attacks.

Deception capabilities are a necessity in the modern security stack. In Shield’s new tactic and technique mapping, deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, facilitate, legitimize and test—along with 33 defensive techniques.

What FSI should know about deception

From small credit unions and regional insurance companies to global banks and investment houses, financial services organizations all face the same business risks that come with big breaches: significant financial losses, hefty regulatory fines and damage to their reputations. The movement of financial services applications to the web and the rise of mobile applications, including mobile banking, greatly expanded the attack surface for the sector.

Financial data is, of course, a prime target for attack, but the industry has to contend not only with outside attacks but those from within, as well. These internal attacks could be from malicious insiders or even from inadvertent acts in which an employee, while reading a phishing email, is tricked into opening an attachment containing malware or clicking on a link leading to a malware-infested site.

Deception technology is helpful and effective in all these cases, but there are common misconceptions about deception that financial institutions must overcome in order to feel confident using it. A prevailing misconception is that deception is synonymous with honeypots, which have been around for a long time and aren’t always effective. And to make them as realistic as possible requires a lot of management so that if attackers engage with a honeypot, they won’t be able to detect that it is not a real system and therefore know they’re in the middle of getting caught.

Quite the opposite is true, actually. Honeypots and deception are not the same thing. That’s how deception began, but it has changed significantly since then. Today’s deception takes the breadcrumb/deceptive artifact approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any effect on everyday systems, so false positives are dramatically reduced. These aspects of deception technology add tremendous security and financial value to the IT security team.

Finally, some organizations mistakenly assume that deception is too complex to implement well, with comparatively little return-on-investment. Security organizations could enjoy the benefit of using deception technology – which is lightweight and has a low cost of maintenance – but are not engaging because they think it’s an overwhelming, complex approach that they won’t get enough value from.

Active defense is key

As financial institutions seek to serve their customers better with modern options like online banking and mobile apps, the threat landscape expands. So, too, do cybercriminals’ arsenals. And the rapid changes many institutions went through to manage the pandemic’s impact opened new attack doors, too. All of these new security risks require a stronger and broader defense strategy to protect that coveted financial data. That’s why MITRE’s Shield framework is so timely and worth heeding – even for organizations outside the government sector – particularly the recommendation to use active defense in general and deception technology in specific. Use the information above to strengthen defenses for a more active, real-time response to network threats.