Bringing a Comprehensive Approach to Cybersecurity

Three key areas of focus for the financial services sector this year

By Renee Tarun, deputy CISO, Fortinet

Renee Tarun, deputy CISO, Fortinet

As last year’s unprecedented rise in cybercrime has illustrated financial services companies continue to be high-value targets for attackers. And that means we have to stay vigilant and focused on what’s coming in order to do everything we can to stay ahead of malicious actors. For those tasked with overseeing cybersecurity for financial services organizations, here are three key areas to focus on in 2022.

Increased attacks on cryptocurrency

The increased popularity of cryptocurrency has also made it a much juicier target for cybercriminals. For instance, we’ve seen the emergence of phishing campaigns specifically focused on stealing cryptocurrency. One such example uses a fake Amazon gift card generator to steal cryptocurrency. This malware monitors the victim’s clipboard for wallet addresses and replaces them with the attacker’s wallet. It also uses fake documents to lure victims into possibly providing confidential information, like credit card numbers, home addresses and credentials for online shopping sites.

Last summer, a new phishing campaign came out that included malware designed to steal crypto wallet information and credentials from a victim’s infected device. ElectroRAT is another new tool targeting digital wallets. It combines social engineering with custom cryptocurrency applications and a new Remote Access Trojan (RAT) targeting multiple operating systems, including Windows, Linux, and macOS.

Additional malware designed to target stored crypto credentials and drain digital wallets is sure to appear this year. One reason for this change is that criminals like to gather the low-hanging fruit. Capturing wire transfers has become increasingly difficult as organizations encrypt transactions and require multi-factor authentication. However, digital wallets tend to be less secure – and they’re a much bigger market. It’s essentially the difference between a digital bank robbery and a digital mugging. But while individual wallets may not have as big a payoff, this is likely to change as businesses begin to increasingly use digital wallets and currency for online transactions.

New and strengthened rules from the FTC and FDIC

Late last year, the Federal Trade Commission (FDIC) updated its “Safeguards Rule” as a way to keep the American public safer from breaches and cyberattacks that lead to identity theft and other financial losses. The FTC’s updated Safeguards Rule requires non-banking financial institutions – including mortgage brokers, motor vehicle dealers and payday lenders – to develop, implement and maintain a comprehensive security system to secure their customers’ information.

Changes include more specific standards for what safeguards financial institutions must implement as part of their information security program, such as using encryption to secure data and limiting who can access consumer data. Institutions must now also explain their information-sharing practices – specifically the administrative, technical and physical safeguards that financial institutions use to handle customers’ secure information. And they will have to designate one qualified individual to oversee their information security program and report periodically to an organization’s board of directors or a senior officer in charge of information security.

Another change that financial institutions will need to pay close attention to this year is the new 36-hour cybersecurity breach notification that goes into effect April 1. This represents the shortest regulatory breach notification reporting time frame of any law to date – and will apply to all banking organizations and bank service providers, as issued by the FDIC, the Board of Governors of the Federal Reserve Systems and the Office of the Comptroller of the Currency.

The need for a comprehensive security approach

The regulations laid out above are directly connected to this next point. The new and increasingly destructive tactics used by bad actors, coupled with the new regulations, underscore the need for a comprehensive cybersecurity approach.

It makes sense that most organizations use myriad types of different cybersecurity tools – because each one tries to detect an attacker at different points during the sequence of activities the attacker uses to gain entrance to and get around in an organization’s IT environment. However, if each of these devices works independently, it takes a lot of work to manage and analyze different management consoles and analysis tools.

Simultaneously, bad actors are looking for ways to slip in through the cracks between devices. With an integrated architecture approach, all the devices talk to each other and share information with common management and analysis tools. You can then close those gaps and make it a lot tougher on the criminals – hopefully so tough that they’ll give up and seek out an easier target.

In today’s threat landscape, network visibility is a necessity. Without it, you can go completely off track, both from a networking and a security perspective. No human brain is fast enough, and no human memory is big enough to integrate the torrent of parameters in real time. You need automation, and you need to simplify so your security team can focus on what a human brain does best instead of having to slog through tasks like correlating logs from different solutions.

Your focus for the future

The financial services industry needs and wants top-notch security to safeguard its highly sought-after assets; an organization’s reputation and survival depend on it. So does knowing what factors are influencing the threat landscape. In 2022, financial services firms need to keep an eye on cryptocurrency attacks, new regulations that require certain cybersecurity measures and an integrated, automated security strategy that spans digital and physical locations. Take these factors into consideration as you prepare for another year of evolving threats.

About the author:

Renee Tarun is deputy CISO at Fortinet. She is focused on enterprise security, compliance and governance, and product security. She is also a contributor to the book, The Digital Big Bang. Previously, she served for over 20 years with the U.S. government, with over 12 years as a cybersecurity leader for the National Security Agency (NSA). Renee received her master’s degree in computer/information technology administration and management from the University of Maryland University College. She is also a board member for the George Mason University Volgenau School of Engineering. She is married with two children.