Ross Brewer, VP and MD of international markets, LogRhythm
If 2015 taught organisations anything, it is that the level of cyber security implemented on a global scale is rarely up to par. Indeed, high-profile businesses continued to receive an abundance of wake-up calls in the form of news headlines, customer queries, and in the worst cases, actual breaches of information. In the last couple of months alone there has been breach after breach, with victims including TalkTalk, JD Wetherspoon and VTech. It’s therefore not surprising that a recent survey revealed that cyber security has become the main area of concern for UK banks, overtaking the worry of economic weakness.
Historically, banks have been pretty savvy when it comes to cyber security – they know they have something worth stealing, and that needs protecting. However, in today’s cyber climate it is a continual battle to defend against highly sophisticated and determined hackers. For that reason, the challenges faced by financial services organisations are essentially no different to any other organisation – malware, phishing, fraud, malicious insiders and so on are threats that are frequently experienced by banks. In other words, it isn’t the type of threat that is the issue for financial institutions, it’s how they deal with them. Banks are often incredibly siloed organisations thanks to their size, with many different segments and countries operating across the business that never intersect. Furthermore, legacy systems are often in place that simply don’t interact well, which means consistency on cyber strategies can be lacking. This can leave multiple points of weakness across networks, without standardised policies in place to determine how to close those gaps, or deal with threats when they occur.
Coordinating cyber strategies
Financial institutions have been criticised for their approach to cyber security in the past; however, the Bank of England has begun to take action over the last couple of years, including the launch of CBEST, a framework to test cyber readiness. This framework compiles intelligence from the government and commercial providers to identify potential attacks on a financial institution, then replicates the techniques that could be used in order to test how prepared financial organisations are to respond. More recently, it conducted Operation Resilient Shield, a joint initiative between the Bank of England and its US counterparts to test the industry’s ability to withstand assaults from today’s hackers, as well as both countries’ coordination during such a situation.
These initiatives are undoubtedly a good start, but banks also need advice on how to deal with threats in the real world, and how to ensure consistency across their organisations. Information sharing is crucial and the Bank of England has indicated that these programmes are part of a wider plan to achieve greater levels of intelligence. However, if the right technology isn’t in place at the banks themselves, not much useful information will be available to share.
Bringing security intelligence to the banks
Any given security system, whether that be at a bank or other organisation, is collecting massive amounts of data from every server, device, application, database, and security system deployed across the IT environment. Sifting through all this information and trying to connect the dots that signal a breach seems daunting and unrealistic – particularly when systems can all too often be segregated. However, this data analysis can be the difference between a vulnerable network, and one that is secure. This is where security intelligence comes in. The main objective of security intelligence is to delve into data from all areas of the business to deliver the right information, at the right time, with the appropriate context, to the right people.
The importance of analysing data in order to reduce the time it takes for banks to mitigate today’s threats lies in two key metrics: the mean time it takes to detect threats (MTTD) and the mean time it takes to respond to threats (MTTR). Currently, most companies operate in a time period of weeks and months; however, this allows those trying to get into their systems to still wreak havoc during that time. Just imagine how much a hacker could do if they breached a bank’s network and remained undetected for a month.
Ultimately, by giving all network activities context, regardless of where they come from, financial institutions will be in a much better position to join the dots and fight off threats before any harm has been done. A successful banking breach has the potential to cause serious damage to the economy, so it’s incredibly important that banks address the many vulnerabilities that arise as a result of their siloed network. By using security intelligence, financial organisations can reduce the time it takes to discover and neutralise a threat from weeks and months to days and hours, and in an ideal world, minutes. A breach in the current security landscape is inevitable and banks will always be a prime target, yet what they can do is arm themselves with security intelligence to help them minimise the impact of a threat.