By Faiz Shuja, co-founder & CEO at SIRP
Challenger banks such as Monzo and Starling are shaking up the finance sector. Traditional bricks-and-mortar institutions are eyeing their success in offering customers quality services on a modest budget and wondering whether they could do likewise. The big difference is that the fintech start-ups offer their services exclusively online rather than on the high street. To catch up, traditional banks are now investing huge sums to digitalize their services and operations. Figures from IDC suggest that such investment will grow 20.4 percent a year through 2022, making finance the fastest growing sector for digital transformation.
This transition to digital infrastructure, however, brings with it a larger total attack surface, putting banks at greater risk from threat actors. Improved security measures are therefore a vital part of any digital transformation strategy.
The modern-day bank jobs
Financial institutions are, not surprisingly, some of the most attractive targets for cybercriminals. Today’s digital robbers have the same motive as their masked and armed forebears: to get in and out quickly with as big a payout as possible. The cash and safety deposit boxes of yesteryear have been replaced by vast troves of valuable financial and personal data held in digital vaults. The IMF has acknowledged that such quantities of sensitive information make financial institutions “one of the most highly targeted economic sectors for data breaches”.
The nature of these threats means that not only are financial institutions at risk from cybercriminals, but so are their customers. Further, an attack can come from anywhere, whether from external actors or rogue insiders. Regulators have long recognized this, and the banking industry consequently has some of the strictest and most mature data security laws. These are now being applied to the digital realm. For example, regular audits are now being carried out on behalf of the European Central Bank to ensure financial institutions have robust firewall policies.
The value of time
One of the greatest menaces that banks face is from advanced persistent threat (APT) groups, which can be made up of either well-organized criminal gangs or actors working on behalf of nation-states. APT groups are aggressive, often well-resourced, and will stop at nothing to achieve their goals. To counter them, financial institutions need to be able to detect that an attack is taking place at the earliest opportunity and have ready access to tools to stop it in its tracks.
However, all too often banks’ adherence to traditionally manual processes hampers incident response times. For instance, it is estimated that it can take a security analyst up to an hour to investigate and respond to a single threat alert. In the meantime, an attacker could achieve their objective.
This situation is further exacerbated by the fact that security analysts typically receive more alerts than they can handle, particularly if alert parameters are not clearly defined. In fact, according to research from Cisco, security teams do not even look at nearly half of the alerts they receive, meaning that many genuine threats could be slipping through the net.
The smart money’s on automation
To help them cope with the growing speed, sophistication, and volume of attacks, IT security teams at financial institutions need to automate as many of their processes as possible. Doing so will enable them to focus on the complex cases that need human intervention while leaving the bulk of alerts and clear IT policy violations to be dealt with by Artificial Intelligence/Machine Learning (AI/ML).
As an organization becomes more sophisticated in its use of automation, more and more complex issues can be handled by the system. Security Orchestration, Automation, and Response (SOAR) provides a risk-based approach tailored to an organization’s unique structure and objectives. This can then be combined with a SIEM to create a single pane of glass through which tens of thousands of daily alerts can be monitored and prioritized.
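To make the division of labour between automation and analysts concrete, here is an added example of the kind of risk-based triage a SOAR playbook performs on SIEM alerts. It is illustrative code written for this page, not SIRP’s software and not from the original article; the alert records, asset criticality values, severity weights, auto-close rules and escalation threshold are all assumptions constructed for the example. Duplicate firings of the same rule are collapsed into one case, clear policy violations are closed by playbook, and the remainder are scored by SIEM severity times asset criticality (with a bonus for repeated hits) so that the highest-risk cases reach a human first.

```python
"""Risk-based alert triage: deduplicate, auto-close noise, score and escalate.

Added example, not code from SIRP or the original article. All data below
(hosts, criticality, weights, thresholds, sample alerts) is constructed.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed asset inventory: criticality on a 1-5 scale (5 = crown jewels).
ASSET_CRITICALITY = {
    "core-banking-db-01": 5,
    "swift-gateway-01": 5,
    "payroll-web-01": 3,
    "dev-laptop-117": 1,
}

# Constructed weights for the severity field a SIEM attaches to each alert.
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Clear policy violations a playbook can close (ticket + notify) without an analyst.
AUTO_CLOSE = {"usb_storage_blocked", "blocked_url_category"}


@dataclass
class Alert:
    id: str
    host: str
    severity: str
    rule: str
    src_ip: str


def risk_score(alert, repeats):
    """Severity x asset criticality, plus up to 5 points for repeated firings."""
    sev = SEVERITY_WEIGHT.get(alert.severity, 1)
    crit = ASSET_CRITICALITY.get(alert.host, 2)  # unknown asset: assume medium
    return sev * crit + min(repeats, 5)


def triage(alerts, escalate_at=12):
    """Split alerts into auto_closed, escalated (to a human) and queued, by score."""
    # One case per (host, rule, source): the same event firing N times is one incident.
    counts = Counter((a.host, a.rule, a.src_ip) for a in alerts)
    seen = set()
    auto_closed, scored = [], []
    for a in alerts:
        key = (a.host, a.rule, a.src_ip)
        if key in seen:
            continue
        seen.add(key)
        if a.rule in AUTO_CLOSE:
            auto_closed.append(a.id)
            continue
        scored.append((risk_score(a, counts[key]), a.id))
    scored.sort(reverse=True)  # highest risk first
    escalated = [aid for s, aid in scored if s >= escalate_at]
    queued = [aid for s, aid in scored if s < escalate_at]
    return {"auto_closed": auto_closed, "escalated": escalated, "queued": queued}


# Constructed sample alerts, as a SIEM might forward them in one batch.
SAMPLE_ALERTS = [
    Alert("A1", "dev-laptop-117", "low", "usb_storage_blocked", "10.1.1.17"),
    Alert("A2", "core-banking-db-01", "high", "brute_force_login", "203.0.113.7"),
    Alert("A3", "core-banking-db-01", "high", "brute_force_login", "203.0.113.7"),
    Alert("A4", "core-banking-db-01", "high", "brute_force_login", "203.0.113.7"),
    Alert("A5", "payroll-web-01", "medium", "sqli_pattern", "198.51.100.4"),
    Alert("A6", "dev-laptop-117", "medium", "blocked_url_category", "10.1.1.17"),
    Alert("A7", "swift-gateway-01", "critical", "new_admin_account", "10.2.0.5"),
    Alert("A8", "unknown-host", "low", "port_scan", "192.0.2.9"),
]

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_ALERTS).items():
        print(f"{bucket:12s} {ids}")
```

Of the eight sample alerts, two are closed by playbook, the three identical brute-force hits collapse into one case that is escalated alongside the new admin account on the SWIFT gateway, and the two low-scoring cases wait in the queue. In practice the criticality map would come from the CMDB and the weights and threshold would be tuned per institution; the point is that the analyst’s hour goes to the two cases that matter rather than to all eight.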
Financial institutions’ race towards digital transformation is likely to become ever more business-critical. As it does, there will be a corresponding rapid increase in the volume of risks and associated alerts. Automation can help security analysts better handle the mountain of alerts they receive each day, improving the odds that the culprits will be caught in the act before they have a chance to open the virtual cashbox.
About the Author
Faiz Shuja, CEO, SIRP. He has over sixteen years of experience in designing, implementing, and managing secure technology infrastructures, and has been involved in information security management, enterprise security operations, honeynets, penetration testing, incident handling, and forensic analysis.
He is currently Co-founder & CEO of SIRP. SIRP is a Risk-based Security Orchestration, Automation, and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response. Through a single integrated platform, it drives security visibility, so decisions can be better prioritized and response time is dramatically reduced. With SIRP, the entire cybersecurity function works as a single, cohesive unit.
He is also CEO of The Global Honeynet Project, a non-profit, all-volunteer organization dedicated to honeynet research. The Honeynet Project’s goal is to learn and raise awareness about the motives and tactics of the black hat community. Its aim is to share and disseminate knowledge about the various tools and hacker practices in use on the Internet today.