By Leon Ward, Field Product Manager of IT security specialists Sourcefire UK.
(In this article, Leon explains what should be the top three IT security considerations for financial services and offers advice on how the financial sector can stay protected.)
It was announced towards the end of last year that a new police Cyber Crime Unit is to be set up to protect Britain against the growing threat of attacks on the internet and in electronic communications. The new team will be in place by 2013 and forms part of a £650 million Government drive to tackle what the Government says is a real and growing threat to the UK's national interests from cyber attacks by organised criminals, terrorists, hostile states and 'hacktivists'.
The government has estimated that cyber crime costs the UK a whopping £27 billion per year. In the financial sector, cyber crime continues to increase and is a major cause of losses, ahead of accounting fraud, bribery, corruption and money laundering.
According to a recent global report by PwC, cyber crime is the second most commonly reported economic crime affecting financial services firms. Of the 3,877 businesses surveyed across 78 countries, cyber crime accounted for 38 percent of criminal incidents for financial companies compared with only 16 percent in other businesses.
Account takeovers, third-party payment processor breaches, securities and market trading exploitation and mobile banking schemes are just a few of the types of damaging cyber criminal exploits. With an established underground economy servicing the needs of the market for stolen and compromised data, financial organisations need to protect their critical infrastructures as cyber threats become increasingly sophisticated and wide ranging.
Delivering adaptive and flexible security to aid compliance monitoring and control is a must. In order to secure data and assets and manage and minimise network security risks, financial services firms should be looking to implement technologies based on three key considerations:
- Agility – Traditional security tools were designed for stable, slow-changing environments. They weren't built to deal with today's ever-changing conditions and new attacks. In order to be agile, modern security technologies must be able to do four things: see everything in the environment, including assets and users on the network and attacks against them; learn by applying security intelligence to this data; adapt defenses automatically; and act in real time for the fastest possible protection. Through a continuous process of see, learn, adapt and act, security technologies that are agile can deliver more effective protection for financial services firms because they have the ability to respond to continuous change.
- High Performance – Performance is critical to financial services networks. Security appliances that include specialised acceleration technology to speed flow and packet handling, as well as multiple processors to expedite acquisition and classification of network traffic and application and control plane processing, offer the massively parallel processing power to handle demanding throughput requirements. To be certain vendor claims of performance are reliable, consult third-party labs, which regularly conduct tests of the latest IT security solutions and provide an efficient and neutral way to gain validation.
- Low Latency – In the case of network security appliances, latency refers to the delay a device introduces to a network. Real-time financial services applications, such as high-frequency trading and transaction processing, are extremely sensitive to latency. Microseconds can translate into billions of dollars gained, or lost. One way to reduce latency is to consolidate security functionality on a single device. Multiple point solutions, each with their own device, introduce their own latency, which soon compounds. However, simply consolidating security functionality on a single device can still introduce delay and increase latency if each security solution has its own engine. Instead, devices that offer a single-pass engine are designed for minimal latency. By sharing processing across multiple security applications (i.e., monitoring and assembling data packets for security processing and inspection), a single-pass engine affords efficient application of multiple security functions (access control, threat detection and inspection, behavior analysis, host profiling, etc.) while maintaining high throughput performance.
When evaluating security technologies that include a single-pass engine and consolidated functionality, for example a Next-Generation Firewall with integrated intrusion prevention capabilities, make sure the technology includes next-generation capabilities through and through. Security technologies that sacrifice protection to achieve lower latency may expose the organisation to risk.
The financial services industry embodies the term "time equals money." In a sector in which many of the products are commodities, customer experience, confidence, trust, productivity and protection are critical to success. Security technologies that leverage the latest advances in design and engineering to deliver agility, high performance and low latency without compromising protection can mean the difference between profits and problems.