By Adi Ashkenazy, VP Product at XM Cyber
If you thought the days of the Wild West were over, one look at the banking industry may change your mind. We may no longer see masked gunmen storming into local bank branches and demanding everything in the safe, but banks are still being robbed blind on a regular basis. The only difference is that the crimes are happening digitally. From the SWIFT hack to the recent attack on India’s Cosmos Bank, financial institutions are losing millions to cybercriminals.
Today’s criminals have it easy; digital theft is a lot safer than going into a bank guns blazing.
It’s also much harder for banks to keep up with all the new cyber-attack vectors, as well as the tools needed to prevent a robbery from succeeding.
Hackers are constantly finding new ways to get through the defenses of banks, whether they’re large ones or local community branches. These aren’t just brute force attacks either; they often mask themselves by employing legitimate tools and impersonating real user behavior. In the case of the SWIFT hack, according to a police report, the assailants “spent several months inside the network of one customer, preparing for the eventual attack by stealing user credentials and monitoring the bank’s operations using software that recorded computer keystrokes and screenshots.” Clearly, this isn’t some sort of smash and grab that happens in seconds; it’s a process that takes months.
Fighting Back with Red and Blue Teams
In order to fight back, banks need to think like a hacker. Some have begun implementing red or blue team drills, wherein a so-called “red team” tries to penetrate a company’s network and move laterally to target assets, and a “blue team” is hired to defend it. However, these are generally implemented separately, without the groups interacting with each other. This leads to stagnant security, as neither teams are adapting to each other’s behavior. Sure, it’s important to know where your weaknesses are, but it’s just as important to know about the latest types of schemes that hackers might be using to break through your defenses.
To overcome this issue, some companies have been hiring red and blue teams to work against each other in real-time, exposing vulnerabilities in the existing security stack. This is called “purple teaming,” and is definitely a step in the right direction. However, while security experts are an invaluable part of your defense, they do not scale, and cannot manually cover the breadth of a modern enterprise network.
Automated Purple Teaming
But what if the purple team process was automated so that the bank’s security was constantly testing itself and evolving 24/7? This would combine the best aspects of penetration testing and proactive defense, while removing the downsides like cost and human error, and improving your organization’s cybersecurity posture.
The most appealing aspect of this approach is that it continuously identifies vulnerabilities in the bank’s network and suggests steps to plug up possible security gaps. An automated purple team can simulate, assess and validate all the latest cyber-attacks and advanced persistent threat (APT) techniques along the entire kill chain from breach point to compromising critical assets. It looks for any vulnerability that a cyber-criminal might exploit — from software that hasn’t been updated and password hashes stored on a computer to a privileged session that can be hijacked. Once the attack vectors are determined, the defense kicks in to analyze attack data and prioritize remediation strategies accordingly.
An automated purple teaming solution does not require a dedicated staff with hyper-intensive cyber-knowledge to run it. After all, major banks like Chase and Bank of America might have dozens of trained cybersecurity analysts, but most small and mid-sized banks do not, leaving them extremely vulnerable. With an automated purple team, all it takes is for one person to flip the on-switch.
Enterprises that have the luxury of highly skilled staff can empower them by providing them with an automated purple teaming tool. Instead of having their in-demand staff working on dull and repetitive tasks, they can divert them to identify new vulnerabilities in the network, while providing scalability through the utilization of the automated tool.
Cyber threats are never going to stop evolving, which means your cyber defense can’t either. Automated testing is one of the most effective ways to make sure your bank’s defense is just as good as the hackers’ offense. A system that can run in the background without disrupting normal day-to-day activity and doesn’t require a special team to operate effectively is the perfect tool for a bank to have in their arsenal.