Banking on automation: the future of cyber security for financial services

By Dave Henderson, founder, BlueFort Security

For cyber criminals banks are where the money is. A successful attack on a bank offers multiple avenues for profit through extortion, theft, and fraud. Given that many financial services firms are now largely perimeter-less businesses in the cloud, the cyber criminal’s playing field has expanded further and faster than many IT security teams can adequately defend.

Despite financial firms spending up to $3,000 per employee on cyber security to keep their networks protected, more often than not this fails. A recent study from Accenture and the Ponemon Institute “Unlocking the Value of Improved Cybersecurity Protection,” claims that the cost of cyberattacks is highest in the banking industry, reaching $18.3 million annually per company.

A key factor at play here is visibility. This remains the biggest problem when it comes to cybersecurity. Fundamentally if you can’t see what you have, how can you protect it, secure it or have any understanding about whether it’s attackable?  The net result is that companies don’t understand where the weaknesses are in their threat surface until a breach occurs, and by then it’s far too late.

Cyber attackers have an edge because they only have to succeed once where defenders need to succeed every time. Increasingly attackers and adversaries are using automated

& AI driven tools to penetrate and attack corporate networks.

Automation as well as being part of the problem, could also likely be a big part of the solution. Regardless of the industry or application, The benefits of automated operations deliver higher productivity, reliability, availability, increased performance, and reduced operating costs. Within cyber security it allows businesses and individuals to concentrate on more productive problem-solving network defending activities. An added benefit is that it’s these problem-solving activities that foster innovation and can lead to a more resilient cybersecurity organisation.

What’s wrong with the traditional approach?

There are three key challenges that cannot be solved using a manual approach:

1. As digital transformation has gathered pace, the growth of applications, big data, artificial intelligence and multi-cloud has meant an increase in attack vectors for cyber criminals. This isn’t going to change any time soon.  In 2020, projections suggest that worldwide spending on digital transformation will grow 4 percent year-on-year – a compromised and yet still strong growth despite the economic recession caused by the coronavirus (COVID-19) pandemic.
2. The ongoing cyber security skills gap means that there are simply not enough professionals with the right skills to tackle the problem. Despite the establishment of a new independent organisation that has been tasked with making sure there are enough skilled workers in the field, there is no doubt that resource challenge will be around for the foreseeable future.
3. At the end of the day we’re all only humans – and that means we make mistakes. Human error combined with the ever-increasing amount of data to manage, will inevitably mean that a threat, or potential threat, will slip through the cracks. It is simply unrealistic to expect human teams to catch all potential cybersecurity events.

Automation advantages

The good news is that cybersecurity products designed to automate specific processes are widespread, and the likelihood is that most organisations will have already implemented automation tools somewhere within their organisation. This is because automation enables organisations to be proactive about improving their cyber resilience rather than being target practice for any new malware that’s out there. They can have separate tools and service providers do the job or, as many are now doing, embrace new automated tools to do it themselves.

Automated penetration testing is a great example. Our networks are in need of continuous, on-demand testing to ensure controls are kept in tune at all times. Focused on the inside threat, automated penetration-testing platforms mimic the hacker’s attack. These tools “deliver” a pen test that simulates the pen tester’s laptop and/or attack proxy plugging into your network. The pen testing bot then performs reconnaissance on its environment by doing identical scans as a human would do. Once the automated tools have established where they sit within the environment, they will filter through what they’ve found. Detailed reports are produced together with proposed remediations, and all one step ahead of tomorrow’s malicious hacker.

It’s becoming increasingly difficult for businesses to secure themselves from cyber-threats and mitigate attacks due to their sophistication. Security teams worldwide are facing the hurdle of effectively managing millions of notifications that are generated by security capabilities. Automation and integration of cyber-security in business operations is becoming a critical way of saving resources – revenue, data, and reputation. Implementing automation could be vital in order to reliably protect organisations and ensure resilience through robust and repeatable processes.