Shining a spotlight on operational resilience and cyber-risk in financial services

By Miles Tappin, VP of EMEA for ThreatConnect, explores why the financial services industry must build a cyber security strategy in 2020

The new digital landscape has welcomed financial institutions with open arms. Emerging technology such as Artificial intelligence (AI), crypto-currencies and big data have shown widespread benefits throughout the years, particularly how they have driven innovation and change. When it comes to retail banking, fintech providers have quickly taken the chance to offer personalised services to ensure they remain relevant to their target market and stand out among their competitors.

This has been particularly evident with Klarna, now Europe’s most valued fintech firm. Providing payment solutions for online storefronts, consumers are now able to shop and pay later with top retailers including the likes of H&M, Ikea and Zara. This is just one example of how easy it has become to successfully and strategically disrupt the payments sector.

With several new players entering the banking scene, traditional financial institutions are making sure that they stay one step ahead and are developing robust digital ecosystems that deliver omnichannel service models. However, this comes at a price. As technological change becomes part and parcel to remaining relevant in the sector, the industry needs to be aware of the cyber security challenges that may present themselves and how to overcome them.

2020: The year for cybercriminals targeting financial services

2020 has become a definitive year for cybersecurity in the financial services industry. Financial institutions are a lucrative target – they hold highly sensitive information and have a mandate to protect the personal information of their customers. It started with an unprecedented attack against Travelex where hackers successfully took some of the currency providers offline for nearly a month. Then came Coronavirus which sparked a new wave of malware and phishing threats. Research from VMware Carbon Black Cloud revealed that threats against financial institutions have surged by 238% since the start of the pandemic.

The renewed interest from cyber criminals comes at a time when regulators are paying close attention to the resilience of the sector. After a string of IT failures and breaches, financial organisations in the UK have been given a mandate from regulators to improve operational resilience. This means ensuring business models can withstand disruptive events from hackers or adversaries and quickly recover to protect the stability of financial systems.

In December 2019, the UK’s financial regulators published a series of consultation papers outlining their proposed approach to achieving greater operational resilience. The proposals suggested that financial institutions will be required to map out the systems and processes that support business services in order to identify any potential vulnerabilities that would pose a risk to the stability of the UK financial system or the firm’s standing.

Working together in tandem

Where cybersecurity used to be a classic back-office concern, it’s now a central part of digital strategies and a key pillar of both reputation and customer retention – financial legislation leaves no room for failure. All financial institutions need to ensure they have full visibility of their systems and can detect any potential threats.

The challenge for financial institutions is making the security tools they have purchased separately work together in tandem. Security teams buy a firewall, an email filter, threat intelligence feeds, antivirus software or enhanced endpoint protection, and whatever else they need individually. Each of them does a good job but they don’t talk to each other and valuable time is lost tending to individual systems that become a burden to run. At the same time, running multiple security systems is expensive. The more systems you have, the more highly skilled staff you need to manage them, and they’re few and far between.

The importance of sharing across communities

To reduce complexity and simplify decision making, financial organisations need to unify processes and technology to harness the security intelligence that comes from across their own security programmes and external sources to drive down risk. However, no financial institution can tackle the problem alone. Experienced threat actors using advanced techniques are constantly targeting the financial sector. The industry needs to come together as a whole to foster a sense of collaboration and data sharing.

In the same way that financial institutions have introduced open banking to deliver a fairer service to customers, the same needs to apply to security – all parts of the financial ecosystem need to unite and share information to learn from one another and succeed in the fight against adversaries that operate across borders.

By sharing alerts on cyber hazards and risk across financial institutions and with law enforcement, government agencies and other relevant authorities, it’s possible to build industry specific insights into cyber security threats and quickly pivot to gain more information on those specific threats and threat actors. By working together, a picture can be painted on threats coming from all manner of malicious activity, from malware to ransomware, to phishing and software vulnerabilities.

Creating a single source of intelligence

Having the right intelligence is not enough to ensure that intelligence is turned into action. Breaking down information and process silos across security teams allows financial organisation to analyse and act on the most pertinent information. Everyone has access to the risk and threats that matter most, and orchestration and automation of response helps overwhelmed security teams prioritise response plans and improve efficiencies in their security programme.

Integrating internal security tools and technologies, while also connecting to external sources of intelligence, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions further feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.

This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It allows financial institutions to keep up with threat actors that have consistently adapted their methods to profit at the expense of the financial industry. Something that won’t stop anytime soon.

While financial services institutions tend to operate with security front of mind, there is still an opportunity to collaborate more within the industry and increase intelligence sharing, so CSOs and CTOs can understand as much as they can about the threats they are facing. For example, what types or variants of malware have been used to steal, delete, or ransom personal identifiable information or IP specific to financial services? What ransomware has been used in attacks against other organisations within the industry? How does this ransomware work and how does it ransom the targeted data? Ultimately, the more you know, the better and quicker you’ll be able to respond to a new threat and remain protected.