By Ian McShane, Field CTO, Arctic Wolf
Whether it’s fundamental changes to their operations or ways of working, there is no doubt companies in the financial services industry have particularly felt the impact of the pandemic over the last two years. The accelerated shift into our now established hybrid way of working, coupled with the increased expectation from their customers wanting to transform their digital capabilities, means financial institutions have had to rapidly adapt, and are fast learning 2022 will bring more of the same.
However, it is in fact these radical transformations that are now making financial services businesses a very attractive target for cybercrime. Whether it’s a high street bank or a large-scale investment fund, cyber criminals are targeting companies within the sector in order to steal money, hijack client information or destroy critical information to disrupt services. According to a report from the DTCC, cyber attacks are now considered the number one threat to the financial markets, closely followed by COVID-19 and geopolitical tensions. In addition, recent research from Boston Consulting Group also states that banking and financial institutes are 300 times more susceptible to cyber attacks than other companies.
Besides the obvious external cybersecurity threats coming from nation states such as Russia and China, there are a number of other forces closer to home that are driving this surge in security vulnerability for the financial services industry. It’s therefore critical that companies fully understand the extent of the threats they now face and use this information to raise effective defences against them.
One of the key areas currently being overlooked is the vast amount of new software applications now being deployed by businesses in the sector. The rapid changes companies have needed to make mean they are still trying to play catch-up to ensure their cybersecurity operations match the levels required to keep bad actors at bay. These software innovations, which support a more digital-first working environment, are giving cybercriminals an open door into a company’s network, data and its infrastructure.
Even when businesses have all the cybersecurity defences in place to protect them from external attacks, these can all be undone if the real threat is coming from the people within the business. This is another big challenge for the financial services sector as it grapples with rogue insiders operating within its own organisations. Increasing numbers of employees, fuelled by disgruntlement and poor pay, are deliberately attacking their own organisations using the sensitive knowledge they have accrued while employed there. According to a 2020 IBM report, three quarters of insider attacks are in fact deliberate, while research from the Ponemon Institute shows there has been a 47 percent increase in insider threats within the last three years.
Worse still, a 2020 study from Cybersecurity Insiders emphasises that these threats are becoming more frequent, trickier to detect, and more damaging. Recently, an undisclosed New York credit union faced a breach of sensitive information due to an insider. After being sacked, a former employee was still able to log in to company systems and, within forty minutes, deleted 21.3 GB of company data and files. It’s plain to see financial organisations need to pay as much attention to the internal threats as they do the external ones.
So what is the answer? In short, the internal cyber threats facing the financial services sector highlight just how important it is to have a cohesive and centralised approach to information security and cyber security.
Every day, businesses rely on applications and platforms that serve as the system-of-record for critical functions like HR, CRM, and finance, but most lack an option for the same business outcomes in the cybersecurity space. This is because most organisations will discover that for them, even in the financial sector, a true 24×7 Security Operations approach is out of reach – they will find it too expensive, challenging, and ultimately ineffective to build, maintain, and run a 24×7 Security Operations Centre in-house.
The fact remains that to mitigate catastrophic and costly financial losses, regulatory fines and devastating reputational impact, as well as loss in customers’ data and trust, financial institutions must ensure they invest in robust security operations in order to monitor, detect, and help their staff respond to potential security risks, including insider threats, around the clock.
The lack of available and experienced staff, the cost and time it takes to rip and replace their existing technology, and the sheer ineffectiveness of the tools available are accelerating the adoption of managed services like MDR, where businesses are quickly able to take advantage of their security vendor’s security analysts’ expertise, threat intelligence reports, and advanced technology to help address threats and cyber risk before consequential losses occur.
Whilst ransomware continues to not only dominate the headlines but also blight many financial institutions, the threats presenting themselves to financial service institutions will continue well into 2022. IT leaders within this sector need to continue investing in the right blend of technology and talent to ensure they are protected as much as possible, not just from the external threats, but the internal ones as well. While there is no silver bullet to total cybersecurity, a managed service approach to Security Operations can radically and rapidly bolster a company’s security posture. If this can be combined with a radical shift in culture, where all employees throughout the business – from the bank clerk to the CISO – understand the gravity of the cybersecurity threat they are facing, the financial services industry will feel better prepared for the next tide of threats coming their way.