Published on March 4th, 2015 | by admin
Cyber Security in the New Financial Sector
The good health of any financial sector is dependent on an economy that allows for growth, innovation, and satisfaction of a country’s needs. When a threat to this sector emerges, it’s a nation’s population that pays the consequences. The new financial industry is essentially a high tech industry where data, intellectual property, and technological infrastructure are the most valuable assets.
Conventionally, security paradigms in the financial sector have been provided in layers, like an onion. Generally the focus is also on prevention-oriented products, with the notion that those layers are risk-independent. If you have a next-generation firewall (NGFW) and an Intrusion Prevention System (IPS) in place, the combination should reduce the risk of a breach, right? Maybe, if the two risks weren’t correlated. Unfortunately, this is rarely the case. They can work to mitigate known threats, but offer little to no advantage when you’re dealing with unknown threats.
Another approach is a response-oriented one. This approach is reactive, used when an incident has occurred or is currently occurring. It deals with answering:
- Who breached the network?
- How did they do it?
- What data did they take?
- Are we still under attack?
The two approaches are not exclusive, but complementary. There’s a wealth of knowledge already captured in the prevention arena and there are many good companies working toward those solutions. However, in the internet era, change is the only constant and responding to dynamic threats is very complicated. Advanced malware, for example, typically operates across multiple attack surfaces and has the ability to reconfigure itself on the fly by downloading new payloads. After the initial compromise, advanced malware can move through the network finding and exfiltrating sensitive data, spying on users through their webcams, or damaging critical systems, all the while moving laterally around the network, embedding itself deep within other systems. Such threats can be addressed with a different, more dynamic approach that involves a bigger overall picture of communication flows to and from your business.
Sizing the Problem
According to the Verizon Data Breach Investigations Report (2014), the three highest incident counts were Web app attacks (27%), card skimmers (22%) and denial of service (26%). The Cisco Security Report (2015) also mentions that online criminals mostly rely on users’ help to install malware or to exploit security gaps. A user’s careless behavior is the weakest link in the security chain, creating huge gaps that lead to even bigger breaches. Last year, the European Central Bank (ECB) was hacked and personal information was stolen, including email addresses and contact data. In Jan. 2014, the Korea Credit Bureau (KCB) reported that data on 20 million bank and credit card users in South Korea had been leaked. These, plus the JP Morgan-Chase breach in 2014, affected 76 million households.
According to Taleb (2010), a black swan is an event with a low probability of occurrence but huge consequences. Black swans are usually not considered in traditional risk analysis; they require a different approach. The first step is to change the risk management mindset: instead of assuming that risks are the result of multiplying impact by probability, understand that your network has already been breached; you might just not know it yet. Once you realize that, you can address the following questions:
- How do you find out how much was taken, how deep it goes, and who did it?
- How do you know if the breach has finished or is still ongoing?
- What capabilities do you need to build so your IT team can respond properly to a breach?
The European Union Agency for Network and Information Security indicates that the financial sector has limitations from three sources:
- The supply chain – not all assets are 100% under the control of the bank or financial institution,
- Privacy considerations – institutions now collect more information than ever about their customers and
- A skills shortage, which requires more investment in IT, and for systems to become more automated and easy to use.
Other limitations in the sector that could become risks are the availability of social media, cloud computing, smartphone computing, and trends like bring your own device (BYOD).
You can never be diligent enough when dealing with cyber security. Any solution playing in the response paradigm space should support the real-time collection and analysis of events at very high packet rates, in a way that makes it easy to perform further analysis. It should also provide long-term event and metadata storage and analytics, be customizable to company-specific needs, and be as easy as possible to deploy and maintain. The challenges require well thought-out strategies, as opposed to ad-hoc solutions that might have worked in the past, but are no longer viable.
Finally, according to the FBI on finance sector cyber-threats, “Malicious cyber-incidents are costly and inconvenient to financial institutions and their customers, and although most businesses take action to recover quickly, limit impact to customers, and ensure long-term operational viability, the increasing sophistication of cyber-criminals will no doubt lead to an escalation in cyber-crime”.
It’s time to act.
Learn more at www.ss8.com/enterprise.
Business Development Manager – CALA Sales
- Taleb, N. N. (2010). The Black Swan. Random House, New York.