Safeguarding Financial Service Organizations’ Critical Data

By Andrew Hollister, CSO of LogRhythm

Financial services organizations are prime targets for cyberattacks with the plethora of sensitive information contained in their files. This is especially true as more of the world has moved to online banking and organizations transitioned more of their activities to cloud environments due to the pandemic. In June, Flagstar Bank disclosed a breach that impacted 1.5 million customers, sharing that threat actors accessed sensitive customer information including full names and social security numbers. Another financial services data breach that was disclosed this year was from Block, formerly known as Square. In this incident, it was confirmed the attackers had stolen the portfolios and stock trades details from 8.2 million current and former customers. Breaches of these scales should raise red flags for all financial organizations.

According to a report, financial services firms are 300 times as likely as other companies to be targeted by cyberattacks including phishing schemes, ransomware, malware and even insider threats. Because of this, financial institutions must take a more proactive approach to cybersecurity, or risk devastating data breaches of sensitive customer information.

Implications of Cyberattacks

As the threat landscape continuously evolves, securing the data that financial service organizations house is more complicated than ever. Cyberattacks on financial institutions can lead to large amounts of financial losses. According to an IBM report, data breach costs rose from $4.24 million to $4.35 million in 2021, the highest average total cost in the 17-year history of this report.

In addition, the report revealed that 83% of companies surveyed have experienced more than one data breach in their lifetime and are financially impacted long after the breach occurred.

Cybercriminals will continue to find new and more sophisticated ways to breach financial institutions, so organizations must be committed to meeting today’s risks head-on to protect critical assets and their customers.

Proactive Security Strategy

Banks and other financial organizations should implement the following strategies to ensure their organization is protected from today’s top threats:

Implement Continuous Monitoring: Implementing continuous monitoring and threat detection capabilities is essential for any organization’s risk management strategy, including banks and financial institutions. Given the persistence of attackers and the vulnerability not just of technology, but also of people and processes, it’s important to implement monitoring across the entire IT landscape on a continuous basis. This allows for an ongoing collection and automated analysis of all log and event data in order to examine all records of activity in real-time, as well as providing a basis for longer term baselines or data for behavioral type detections. With this type of all-encompassing visibility, security leaders can gain real-time insights into risk across all areas of the company.

Early Detection and Management of Threats: All organizations should have established a strong foundation by adopting endpoint technologies and other security solutions and processes that provide preventative capabilities. Once that is in place, they should formalize their ability to detect cyberattacks that have bypassed those capabilities at the earliest stage possible. Companies need to be proactive with their security strategies and develop capabilities to recognize the initial compromise before hackers have enough time to root around and steal sensitive data. Early threat detection helps prioritize and enable rapid response used to prevent the attacker from completing their chain of attack and reaching their ultimate goal. This could be the difference between maintaining security within the enterprise and a catastrophic breach that could damage the company.

Prioritize Security: It’s a Business Problem: It’s important for an organization’s C-suite and board of directors to see security as a priority and part of the larger business objectives. Security leaders need to have an open dialogue with the C-suite and board and provide consistent, ongoing reports directly to these groups. This enables them to demonstrate the value of cybersecurity and the impact it has on business performance, especially at a time when cyber breach headlines are at an all-time high and maintaining trust from the public is vital. Consumers and potential business partners will also feel more confident doing business with companies that understand that cybersecurity is a business problem, not just a technology problem.

Given the growing and evolving attack surface, financial organizations must evaluate their current cybersecurity measures and enact changes where needed. They must also acknowledge that we live in an era where cybersecurity requires a holistic approach, one that strengthens the resiliency of the people, processes, and technology and the stake they have in the organization’s security posture. Above all, aligning security strategies with wider business objectives will allow security leaders to reduce risk to the business in the face of persistent security threats.