By Steve Rackham, Senior Solutions Engineering Manager, EMEA Global Finance at NetApp
Since digital converged with finance, there have been opportunities for cybercriminals to get their hands on the personal and confidential data held by financial institutions. Over the years, this has seen many big brands crumble under the scrutiny of the general public and governing bodies, due to a lack of trust around data security.
Those that have fallen to irreparable reputational damage have been an example of the need for continuous vigilance among all financial services when it comes to security.
However, the accelerating rate of cyber-attacks currently spreading through financial services seems to be mirroring that of COVID-19 in the real world. While it may seem like a crass way to link cyber-security to a relevant issue, the two, in fact, run parallel and are very connected.
What with the move to remote working, abrupt transitions to cloud, and the speedy overhaul of infrastructure due to COVID-19 restrictions, financial services’ vulnerabilities have been exposed. As a result, cyber-attacks have surged – with malware and ransomware the most common. It’s a trend that’s very concerning. So much so, GCHQ’s National Cyber Security Centre partnered with the Cybersecurity and Infrastructure Agency in the US, at the start of the pandemic, in response – a rare moment in the history of cyber security.
Despite additional government intervention to crack down on cyber-attackers, the idea that there will never be cyber-attackers attempting to corrupt files and export data is just plainly utopian. When one door closes for a cyber-criminal, they tend, frustratingly, to find another one to open. One example of this is ransomware attacks. These attacks only need one small opening into an organisation and then have the power to hold your data hostage and demand a ransom in exchange for its potential return. According to BitDefender, ransomware attacks increased by 715% globally in the first half of 2020.
So, if it wasn’t clear enough already, the pandemic has brought home that businesses must remain continuously conscious of their security. For me, this starts with having good data management, which means a zero-trust approach to security is vital for financial services who are potentially coming up against the threats ushered in by COVID-19.
The era of zero trust
Taking a zero-trust approach to security is really considered best practice these days. While I won’t go into the full ins and outs here, it essentially does what it says on the tin – no one who aims to access company data (even an employee) is given permission by default; they must prove themselves safe. This is vital because while businesses can make good guesses, they can never be certain where a cyber-attack will come from and what it will look like.
Data is just so valuable. It’s the crown jewels of financial services, and it needs the same level of surveillance as the royal gems. Harnessing this distrust within your security means a surgical level of detail must be known about what your cyber-security is protecting, by placing security controls as close as possible to the data. Any change to what’s being protected will signify there may have been a potential breach. As part of this, those in charge of security should know where all data is, how it can be extracted, what it works in conjunction with, and where it moves beyond the business’ walls.
The three practical things financial services can do to stay protected
Knowing what data you have and where it goes is a great first step to rolling out a zero-trust security strategy. But of course at the same time, simply knowing is not enough. Financial institutions also have to act. (Although I’d just add that this doesn’t render the ‘knowing’ process useless – it will be a lot easier to act with an accurate and up-to-date purview of everything.)
It is time businesses put an end to traditional approaches to cybersecurity aimed at “barricading” systems. Instead, companies must adopt a proactive cyber-resilient approach, automated and integrated into their work environments. Aimed at protecting as well as detecting, responding and recovering, cyber resilience must provide permanent business continuity through the fastest possible response and data recovery capabilities. This is particularly important when it comes to combatting ransomware attacks, as mentioned earlier.
For me, this can be broken down into three main actions that contribute to sound cyber-security in financial services: encryption, location, and access.
Encryption has been around for a while, but I think it’s one of the most useful tools for sensitive data that’s either stored in various locations or tends to be flying around. I’d say it’s sensible to team up flexible encryption with a key management solution, judging by the typical needs of a financial services business.
Location is a task that will be heavily reliant on your business truly understanding where its data lives, or moves to and from. To keep data safe, it’s important that several local and remote copies of important files are created. This must then be integrated with artificial systems capable of learning the usual behaviour of data, so when a sudden surge of activity is recorded, such as during a ransomware attempt, the reaction time can be immediate. Once security leaders confidently understand this, they will be able to work out the most appropriate way to classify data’s location, and grant access to it accordingly. This enhanced view on data will guarantee greater peace of mind for companies.
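To make the idea of learning normal data behaviour and reacting to a sudden surge concrete, here is an added example (not from NetApp or any product) that learns a baseline of files modified per minute and flags a sustained spike. The counts, threshold and function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample: files modified per minute on one share (not real telemetry).
BASELINE_WINDOW = [12, 9, 15, 11, 8, 14, 10, 13, 9, 12, 11, 10]
LIVE_WINDOW = [11, 13, 9, 240, 610, 580]      # mass rewrite begins at minute 3
ONE_OFF_WINDOW = [11, 300, 12, 10]            # a single busy minute, e.g. a batch job


def learn_baseline(counts):
    """Return (median, MAD) of normal activity; robust to the odd busy minute."""
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    # Floor the spread so a perfectly flat baseline cannot cause division by zero.
    return med, max(mad, 1.0)


def robust_score(count, baseline):
    """How many 'robust standard deviations' a count sits above the baseline."""
    med, mad = baseline
    # 1.4826 scales the MAD so it is comparable with a standard deviation.
    return (count - med) / (1.4826 * mad)


def detect_surge(live, baseline, threshold=6.0, sustain=2):
    """Return the first minute of `sustain` consecutive anomalous minutes, or None.

    Requiring a sustained run keeps one noisy minute from raising an alert,
    while still reacting within `sustain` minutes of a mass rewrite.
    """
    run = 0
    for i, count in enumerate(live):
        run = run + 1 if robust_score(count, baseline) > threshold else 0
        if run >= sustain:
            return i - sustain + 1
    return None


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_WINDOW)
    start = detect_surge(LIVE_WINDOW, baseline)
    if start is not None:
        # Assumed response hook: take a snapshot and suspend the writing session.
        print(f"surge began at minute {start}: snapshot and isolate")
```

In practice the baseline would be kept per share or per user and relearned on a rolling window, so that month-end processing is not mistaken for an attack.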
Access is predominantly concerned with a mindset shift, and the tasks that arise from it. Financial services – as do all of us – have to move away from granting an employee access to all data simply because they work for the company. Instead, access has to be a highly regarded privilege granted as and when it’s needed. This is really when zero-trust comes to the fore, and security leaders should work out a process of granting access to data based on any one task at hand, or failing this, personalising access based on an employee’s function within the business.
Security can feel hard to get a handle on when data continues to multiply. It can be easy for businesses to feel like they’re constantly catching up. And when well-known brands which you assume have a lot of resources to dedicate to security are caught up in an attack – like the headline-hitting Capital One mega-breach incident – it doesn’t exactly fill anyone in financial services with ease.
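The access model described above, sketched as an added example rather than code from the author or any product: a request is checked first against time-limited grants tied to a task, then against the employee's function, and is refused otherwise. All users, datasets, functions and task IDs are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class TaskGrant:
    user: str
    dataset: str
    task_id: str
    expires: datetime   # access ends with the task, not with employment


# Constructed policy data (hypothetical names throughout).
FUNCTION_ACCESS = {"fraud-analyst": {"transactions"}, "hr-partner": {"payroll"}}
USER_FUNCTION = {"asha": "fraud-analyst", "ben": "hr-partner"}

NOW = datetime(2021, 1, 4, 9, 0)
LATER = NOW + timedelta(hours=2)
# Ben (HR) is lent one hour of access to transactions for a single case.
GRANTS = [TaskGrant("ben", "transactions", "CASE-1", NOW + timedelta(hours=1))]


def decide(user, dataset, now, grants):
    """Return (allowed, reason). Nothing is allowed unless a rule says so."""
    # 1. Task-based: an unexpired grant for exactly this user and dataset.
    for g in grants:
        if g.user == user and g.dataset == dataset and now < g.expires:
            return True, f"task:{g.task_id}"
    # 2. Function-based fallback: what this job function routinely needs.
    function = USER_FUNCTION.get(user)
    if dataset in FUNCTION_ACCESS.get(function, set()):
        return True, f"function:{function}"
    # 3. Everything else, including unknown users, is refused.
    return False, "default-deny"


if __name__ == "__main__":
    for user, dataset, when in [("ben", "transactions", NOW),
                                ("ben", "transactions", LATER),
                                ("asha", "payroll", NOW)]:
        print(user, dataset, when.time(), decide(user, dataset, when, GRANTS))
```

Returning the reason alongside the decision gives the audit trail a record of why each access was allowed, which is what makes later review of task grants possible.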
It’s true financial services hasn’t exactly got a glowing reputation when it comes to data breaches. As of 2019, the industry contributed to 62% of attacks, according to Bitglass. But that doesn’t mean your financial services business can’t be in the 38%. Strong cyber-security can be achieved – I’ve seen it.
So, stay vigilant, manage your data well, and carry out actions in line with your insights and your zero-trust approach.