Financial services firms have never faced a more agile and determined online foe. Barclays Global CISO Troels Oerting said recently that elite cybercrime gangs armed with advanced malware and a sophisticated skillset pose a major threat to the industry. They can get deeper inside networks, stay hidden for longer and steal more data than ever before. And as if that weren’t enough to worry about, forthcoming European data protection laws will introduce a stringent new set of requirements and penalties for businesses, forcing improvements to cybersecurity.
Security spending in the sector went up 14% last year, according to PwC. But it’s vital that CISOs spend in the right areas. Today’s advanced threats require an advanced response.
The financial services industry is undergoing a digital revolution. That’s enabled smarter, more agile ways of working and facilitated the launch of innovative financial products. But it also represents a huge target for the bad guys. That same PwC report claimed the sector is seeing an increase in attacks from hackers outside the victim organisation’s country. And more worryingly, it revealed that threat actors are joining forces to launch attacks. Some executives even suspect that some nation state operatives are now working with organised crime.
IT security teams in the sector are increasingly stretched by these threats, which they have to manage alongside card fraud, money laundering and other challenges. And they have to protect data residing in increasingly dynamic, complex environments built on next generation cloud and other technologies. Traditional security tools which typically focus on defending at the perimeter may struggle to adapt to these newer IT systems, leaving data exposed.
These challenges are compounded by the forthcoming European General Data Protection Regulation (GDPR). Intended to strengthen, modernise and unify the region’s privacy laws, it will place an even bigger burden on IT security teams to ensure data is kept safe.
Specifically, it will:
- Introduce a maximum fine of 4% of annual global turnover for serious transgressions
- Mandate the disclosure of data breaches within 72 hours of an incident
- Apply to all companies that store European citizens’ data, wherever they’re based
- Come into force on 25 May 2018
Detect and Respond
Given the volume and sophistication of threats facing financial institutions today, CISOs in the sector must assume that it’s inevitable they’ll be breached at some point. In fact, data breaches reported to the UK privacy watchdog, the ICO, soared by 183% between 2013 and 2015. It is therefore important to invest in next generation technologies which can contain breaches where possible. Security platforms that help to enforce micro-segmentation policies are key here. But it’s also vital to prioritise tools which can stop breaches in progress as early in the kill chain as possible.
Detection and response is crucial here. A report from forensics firm Mandiant claimed the average dwell time for an attacker inside a compromised network was 146 days last year. And Verizon reported it takes less than an hour to compromise systems in 93% of cases, but weeks or months to discover an attack 83% of the time. New approaches to improve detection rates include deception techniques, which detect suspicious activity early and reroute connections to a dynamic honeypot environment for granular observation. The technology is fast gaining momentum thanks to a low false positive rate, which provides higher fidelity security and enables faster mitigation.
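To make the deception approach described above concrete, here is an added example (not from the original article or any vendor product) of a toy decoy-aware routing policy. It assumes a constructed inventory of real services and planted decoy services that no legitimate client is configured to use, and constructed connection log lines; any touch of a decoy is treated as a high-fidelity signal and the source is rerouted to a honeypot for observation.

```python
import re

# Constructed inventory (assumption): real services clients legitimately use,
# and decoy services nothing legitimate should ever connect to.
REAL_SERVICES = {("10.0.1.10", 443), ("10.0.1.11", 5432)}
DECOY_SERVICES = {("10.0.1.12", 22), ("10.0.1.13", 445), ("10.0.1.10", 3389)}
HONEYPOT = ("10.0.9.1", 2222)  # hypothetical honeypot listener

LOG_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

# Constructed sample flow log: 10.0.5.7 behaves normally, then probes a decoy.
SAMPLE_LOG = """\
src=10.0.5.7 dst=10.0.1.10 dport=443
src=10.0.5.7 dst=10.0.1.12 dport=22
src=10.0.5.7 dst=10.0.1.11 dport=5432
src=10.0.5.8 dst=10.0.1.10 dport=443
src=10.0.5.9 dst=10.0.1.13 dport=445
"""


def route_flows(log_text):
    """Return one (src, dst, verdict, reason) tuple per parsed flow.

    Decoy services are never used legitimately, so a connection to one is a
    low-false-positive detection. Once a source has touched a decoy it is
    'tainted': its later connections, even to real services, are rerouted to
    the honeypot so the intruder can be observed rather than tipped off.
    """
    tainted = set()
    decisions = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the expected record shape
        src, dst = m["src"], (m["dst"], int(m["dport"]))
        if dst in DECOY_SERVICES:
            tainted.add(src)
            decisions.append((src, HONEYPOT, "reroute", "decoy touched"))
        elif src in tainted:
            decisions.append((src, HONEYPOT, "reroute", "source previously touched decoy"))
        elif dst in REAL_SERVICES:
            decisions.append((src, dst, "allow", "real service"))
        else:
            decisions.append((src, dst, "drop", "unknown destination"))
    return decisions


def tainted_sources(decisions):
    """Sources flagged for rerouting, i.e. the alerts an analyst would triage."""
    return sorted({src for src, _, verdict, _ in decisions if verdict == "reroute"})
```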