By John Moran, Technical Director at Tufin
IT infrastructure in financial organisations has grown in both size and complexity in recent years as companies undergo digital transformation. Networks are now more likely to be a blend of different architectures as businesses adopt multi-cloud approaches alongside legacy infrastructure.
This shift has helped to establish a more efficient, agile way of working and facilitated the digital strategies that now underpin the financial sector.
However, along with the advantages of digitalisation, these changes have also increased cyber risk exposure. How can CISOs and CIOs at financial institutions ensure they maintain control and visibility of these complex environments, and protect against cyber attacks?
The rapid rise in financial IT complexity
Digital transformation and cloud migration are critical business priorities for most industries but are particularly vital in the financial sector as consumers have grown to expect fast, reliable digital services.
As a result, spending on cloud services in banking is forecast to grow by more than 16 percent year-on-year through 2024, to $77 billion worldwide, a much faster pace of growth compared to the 4.5 percent annual increase in overall IT budgets.
However, multi-cloud and hybrid environments also add to the complexity. As IT environments expand and take on more moving parts, it becomes increasingly difficult for IT and security teams to maintain effective visibility over all assets and traffic and to identify security vulnerabilities.
This can quickly result in unnoticed weaknesses open to exploitation by cyber attackers.
How growing network complexity increases cyber risk
This challenge is, again, more pronounced in the financial sector as many organisations are stuck with large amounts of legacy infrastructure. The static documents and manual processes common in managing the topology of legacy systems are often outdated and this can result in overlapping policies and processes across different environments. Legacy infrastructure might, for example, contain systems that are not included in regular automated software patches or policy updates, allowing old vulnerabilities and access policies to persist.
A lack of visibility into the expanding digital environment also means financial firms can lose track of where files are located and how they can be accessed. As a result, highly sensitive assets, such as databases of customers’ Personally Identifiable Information (PII) or accounts and applications with high levels of privileged system access, could be left unsecured and unmonitored.
All of this increases the likelihood of the dreaded ‘unknown unknown’ – a security risk that the organisation has no idea exists and is therefore making no effort to resolve. Further, it all adds up to making effective vulnerability management close to impossible. Without a big picture view, CISOs cannot possibly begin prioritising risks and forming an effective strategy.
Meanwhile, criminal gangs are well aware of these issues and are specifically targeting such weaknesses in their attacks. Financial firms have more to lose than most industries from cyber risk exposure since the sector is one of the most tightly regulated.
How can financial firms regain visibility?
Visibility and discovery are everything when it comes to security. If you can’t see it, you can’t secure it.
In today’s digitally driven, hyperconnected world, CISOs and their teams have no shortage of data about their IT environments. Security solutions provide a constant stream of threat data, while resources like the National Vulnerability Database offer an external view of threats.
But having access to raw threat data by itself does not translate into achieving network visibility. Financial organisations have developed such complex and fragmented environments, and the external threat landscape moves so quickly, that even the biggest security team has no chance of sifting through all this information manually to gain an idea of what’s going on.
Rather, data must be combined with contextual knowledge about the company’s unique network infrastructure and operations. An automated approach offers the best opportunity for achieving this. Automated tools can absorb the streams of internal data, such as vulnerability scans and threat alerts, and combine them with external data to create a highly contextualised view of the company’s risk posture.
Understanding the entire network topology drives operational benefits
Accurately prioritising vulnerabilities and formulating an effective response to potential security incidents requires comprehensive internal network intelligence. By gaining a contextual view of the entire network topology, across physical networks and hybrid cloud platforms, security teams will finally regain visibility of potential threats and network access anomalies.
Achieving this enables accurate prioritisation of vulnerabilities and security events, decreasing the likelihood of a major security incident, and increasing operational resiliency. Rather than being bombarded with a stream of raw data, CISOs and their teams will be able to confidently zero in on the most important issues. For example, perhaps there is a list of hundreds of potential vulnerabilities that need addressing – but it’s apparent that a handful of them concern systems that are exposed to untrusted networks or contain highly critical data.
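The prioritisation described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor product: it ranks scanner findings by combining severity with asset criticality and with how few policy hops separate the asset's zone from an untrusted network. The zone names, asset inventory, findings and the scoring formula are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: zone-to-zone flows permitted by firewall/cloud policy.
ALLOWED_FLOWS = {
    "internet": ["dmz"],
    "dmz": ["app"],
    "app": ["db"],
    "partner-vpn": ["legacy"],
    "corp": ["app", "legacy"],
}
UNTRUSTED = {"internet", "partner-vpn"}

# Constructed asset inventory: zone placement and business criticality (1-5).
ASSETS = {
    "web-01": {"zone": "dmz", "criticality": 2},
    "core-db": {"zone": "db", "criticality": 5},
    "mainframe": {"zone": "legacy", "criticality": 5},
    "hr-wiki": {"zone": "corp", "criticality": 1},
}

# Constructed scanner output: finding id, affected asset, CVSS base score.
FINDINGS = [
    {"id": "F-1", "asset": "hr-wiki", "cvss": 9.8},
    {"id": "F-2", "asset": "mainframe", "cvss": 7.5},
    {"id": "F-3", "asset": "core-db", "cvss": 8.1},
    {"id": "F-4", "asset": "web-01", "cvss": 6.5},
]

def hops_from_untrusted(flows, untrusted):
    """Multi-source BFS: fewest policy hops from any untrusted zone to each zone."""
    dist = {zone: 0 for zone in untrusted}
    queue = deque(untrusted)
    while queue:
        zone = queue.popleft()
        for nxt in flows.get(zone, []):
            if nxt not in dist:
                dist[nxt] = dist[zone] + 1
                queue.append(nxt)
    return dist

def prioritise(findings, assets, flows, untrusted):
    """Rank findings by CVSS x criticality x exposure (assumed scoring formula)."""
    dist = hops_from_untrusted(flows, untrusted)
    ranked = []
    for finding in findings:
        asset = assets[finding["asset"]]
        hops = dist.get(asset["zone"])  # None: no policy path from untrusted zones
        exposure = 0.0 if hops is None else 1.0 / max(hops, 1)
        score = finding["cvss"] * asset["criticality"] * exposure
        ranked.append({**finding, "hops": hops, "score": round(score, 2)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)
```

On this sample the CVSS 9.8 finding ranks last because no policy path reaches its zone from an untrusted network, while the lower-severity finding on the directly reachable, high-criticality legacy host ranks first.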
The ability to accurately and effectively prioritise cyber risk will boost a financial firm’s operational resilience, enabling it to better protect core systems and safeguard customer data. It will also help keep the firm on the right side of strict financial regulatory authorities.
Once security teams have achieved a contextual view of their entire IT network topology, they can ensure that they maintain visibility as their environment continues to grow. This means that they can continue to protect critical assets and identify threats no matter how their own systems, or the external threat landscape, change and evolve.