By James Derbyshire, Browser Isolation expert for Garrison
The online security risks faced by financial institutions increased exponentially with the onset of COVID, due to the sharp rise in remote working. Employees today are regularly operating from less secure personal networks, whilst still having access to highly sensitive business and customer data.
And the problem is unlikely to go away anytime soon – companies including Citigroup and HSBC have said that they will continue to allow employees to work from home indefinitely. The cyber security challenge is no longer simply securing a network of offices or branches, but rather looking at protecting each individual employee who is working out of their own home office. All it takes is one mistake from an employee to rupture a company’s security defences and cause potentially irreparable damage to a company’s reputation and its bottom line.
The growing vulnerability posed by staff coincides with cyber-attacks, such as phishing scams and ransomware, becoming increasingly complex and commonplace. According to Verizon’s latest Data Breach Investigations Report, these kinds of attacks accounted for 36% of the data breaches in 2021. What’s more, web‐based attacks are also increasing – according to Google Safe Browsing there are over two million dangerous websites, but the real number is likely to be far greater.
The upshot is that employees, in particular staff with privileged or sensitive data access, are more likely than ever before to be the victims of a cyber-attack, making financial companies more vulnerable to data breaches than ever before.
Outdated security tools
The financial sector, like other industries, has tended to rely on detection-based security tools, like firewalls and web filters. These only protect against known threats; however, today’s threat landscape is filled with new, increasingly sophisticated malware, which traditional methods struggle to detect and are poorly equipped to defend against.
As a result of the ineffectiveness of detection-based tools, organisations are often advised to train staff to identify scam emails, links, and attachments, but the reality is that even the best-trained and most conscientious employee can fall victim to a well-disguised cyber-attack.
Browser Isolation: a new era for cyber security
Increasing cyber-attacks and the exploitable vulnerability of the hybrid workforce are two of the reasons that forward-thinking organisations are looking to Browser Isolation to protect themselves and the customers they serve.
Browser Isolation works by removing all contact between an employee’s computer and the internet. Instead, the employee accesses the web via a remote machine which delivers a safe version of the content in the form of a video stream. This is known as Pixel-Pushing, pioneered by organisations like Garrison. For the user, there is no difference when accessing the web, but security implications for companies are huge; by completely separating an organisation’s internal network from external threats, Browser Isolation eliminates this ever-increasing risk.
Full Browser Isolation uses Pixel-Pushing to separate all web code from the user’s device. This means that rather than viewing the original website, the user only ever sees a series of safe images. This removes the need for IT teams to decide which websites are safe or not, or for users to decipher which emails to trust and which to flag. Instead, all malicious and non-malicious content is safely accessible by the employee, meaning that companies’ networks are never placed at risk.
There is also a ‘Partial Browser Isolation’ solution, which works by removing malware before sending the code back to the user’s device. However, unlike Full Browser Isolation, this is only a partial defence that always lets some of the original web code through, meaning that an organisation can never be completely assured of how secure any solution is.
What’s more, Partial Browser Isolation is not fully compatible with multimedia content like videos, which means employees can find themselves unable to access the content they need to perform their jobs. In contrast, Full Browser Isolation is a Zero-Trust solution, meaning that users’ machines and company networks never come into contact with potential malware. This gives financial organisations robust, uncompromised security, while providing employees with a full (but safe) online experience.
The role of the Cloud
Full Browser Isolation powered by Pixel-Pushing can be delivered through both software and hardware solutions. While both offer impenetrable protection, software-based Pixel-Pushing tends to be more costly as it moves significant data volumes. Hardware-based Pixel-Pushing, on the other hand, alleviates the bandwidth requirements, which reduces ongoing costs and improves the browsing experience.
Hardware-accelerated Pixel-Pushing can also be deployed in the cloud, with exactly the same capabilities but without the costs of hardware deployment and maintenance. This provides a powerful mix of security, usability and compatibility alongside lower costs and management overheads.
Protecting your high-risk employees
Cyber-attacks such as phishing and ransomware usually target employees with access to the most sensitive data or systems. To protect against this risk, companies have traditionally turned to security tools that restrict web access for these groups; however, this isn’t a foolproof solution. Browser Isolation, on the other hand, enables full web access for these groups, while providing full security.
Removing the threat of human error
Organisations continue to invest in educating employees about online risks, but research shows that this has limited success in protecting an organisation’s security. The reality is that employees are not security experts and they shouldn’t be relied on to detect sophisticated and ever-evolving online threats. The use of a Full Browser Isolation solution means that employees access emails and web content in a completely safe environment, allowing them to visit websites, follow links and open attachments safely, without having to first decipher what is safe and what isn’t.
Full web access for all
Restricting access to dangerous websites is a tactic many organisations employ to protect against malware. However, with over 1.9 billion sites online at the time of writing, classifying websites with confidence and at pace is an almost impossible task for IT teams. This can lead to increased vulnerability if restrictions are too lax, and employee frustration if restrictions are too heavy-handed.
Browser Isolation resolves this issue by enabling users to access the internet without restrictions and without risk, regardless of a webpage’s security status.
Pixel-Pushing for Zero-Trust cyber security
The ever-evolving threat landscape means financial organisations need to rethink their security solutions to ensure their systems and data are fully protected. Traditional techniques that rely on detecting known threats or require employees to make the right judgement leave organisations vulnerable to attacks that could compromise customer data, putting customers at risk and organisations’ reputations on the line.
Full Browser Isolation enabled by Pixel-Pushing secures financial institutions against known and unknown threats. This gives companies complete web security along with great usability, IT simplicity, and cost-effectiveness, and all without impacting employees’ online experience.