HOW SANDBOXING CAN HELP FINANCIAL INSTITUTIONS STAY AHEAD OF ATTACKERS IN THE CYBER-SECURITY ARMS RACE

Florian Malecki, International Product Marketing Director, SonicWall, EMEA

Florian Malecki
Florian Malecki

From reading about the most prominent cyber-attacks of 2017 so far, you would be forgiven for thinking that hackers have targeted organisations indiscriminately, both geographically and in terms of industry verticals. But this assumption is inherently flawed. Financial institutions, along with manufacturers and healthcare providers are among the organisations most frequently targeted by cyber-criminals. Given the importance of data to the day-to-day functioning of these industries, it is perhaps no surprise. Financial data, for example, is hugely appealing to cyber-criminals. Not only can it be used to steal funds directly from accounts, the withholding of access to mission-critical data can bring an institution to its knees, providing a lucrative opportunity for extortion. Furthermore, the interconnected nature of financial institutions’ operations leaves these organisations particularly vulnerable, enabling rapid cross-infection during incoming attacks.

Data security has risen from a fringe concern for IT, to a board level priority in just a few years. This is because of both the dramatic increase in the gravity and the frequency of attacks. Data from SonicWall’s International Threat Networks hows sizable increases in ransomware attacks; from 3.8 million attempts in 2015 to more than 638 million in 2016, in other words,a 167-fold increase! And it’s not just about the rising frequency of attacks, modern cyber-attacks cost companies millions. Today’s cyber-criminals leverage the threat of reputational damage, service disruption and revenue loss to demand large sums of money from victims. In fact, it has been estimated by Lloyd’s of London that a major global cyber-attack could cost the worldwide economy up to £40 billion. This would make the recent WannaCry (£6 billion) and NotPetya (£647 million) attacks look miniscule by comparison.

Another important point is that cyber-threats are continually evolving to overcome existing security measures and cyber-criminals consistently refine their means and methods to exploit new and old vulnerabilities. No-one is safe –criminals are an ever-present threat and can action their attacks from anywhere in the world. Banks and financial institutions present high-profile targets with the potential for a considerable bounty should an attack prove successful. With this in mind, cyber-security should be a number one consideration for any business, but particularly financial institutions where service disruptions can generate even greater losses during an incident.

How should IT managers at financial institutions protect their organisations?

Given the negative impacts of cyber-crime and data-breaches on financial organisations, detecting malicious code before it can impact the network is critical for their IT teams. Though global ransomware attacks, such as the ones that took down the NHS dominate the headlines, the most significant challenge comes from the highly targeted – often zero-day –attacks that are becoming increasingly common. Such attacks involve never-before-seen code packages, uniquely targeted at enterprises sometimes down to the branch level. These tend to have a much higher success rate than generic attacks as financial organisations are often under prepared for such an event.

With cyber-criminals and security experts effectively locked into a cyber-arms race, featuring ever more sophisticated strategies and vectors, IT managers must ensure modern protection for their networks. This includes next-generation firewall technology, which can identify traditional and new threat types and must be capable of decrypting standard encrypted traffic to ensure that malicious code cannot infiltrate the network from personal web-based accounts, applications and web-pages.It also requires comprehensive wireless device security, with per-device and user-specific access rights and application VPN to enable mobile working whilst maintaining complete security.

These solutions fall into the endpoint security camp; where malicious code is detected and destroyed at the security endpoint within the network. However, with bandwidth and productivity playing an important part in achieving a competitive edge, some businesses require offsite security expertise.

How sandboxing can prevent security breaches

Sandboxing should be the best friend of every IT security professional. It not only provides a secure environment in which to ‘detonate’ the malicious code, it ensures that advanced threats – ones capable of lying dormant during security checks – are captured and isolated. The more engines that the security sandbox has at its disposal to analyse and quarantine threats, the harder it is for new variants to fool the system and escape into the network. All businesses should be looking to adopt sandboxing technology that monitors for the following behaviours:

  • OS calls: Including monitoring system calls and API functions
  • File system changes: Any kind of action, including creating, modifying, deleting and encrypting files Network changes: Any kind of abnormal establishment of outbound connections
  • Registry changes: Any modifications to establish persistence or changes to security or network settings
  • Beyond and between: Monitoring of instructions that a program executes between OS calls, to supplement context of other observations

Critically, sandboxing is the best method for avoiding zero-day attacks that employ new/unencountered coding and which do not have previously developed signatures available to allow onsite firewalls to identify them.

Invest in confidence

The modern cyber-security landscape requires intelligent security technologies to combat the sophisticated threats emerging from the global cyber-criminal community. Onsite firewalls can shield business networks from much of the onslaught, however, with hackers developing innovative delivery mechanisms for augmented malware strains and identifying new zero-day vulnerabilities in software platforms, more powerful systems are becoming integral to maintaining secure networks.

In the wake of WannaCry and NotPetya, many organisations will be reflecting on their investment in cyber-security. One thing is for certain, there will be many more attacks like these ones and the question remains, are businesses willing to invest in security now to avoid potentially devastating losses in the future?

Leave A Reply

Your email address will not be published.

*