Blog article
See all stories »

How Financial Institutions Can Prepare for Advanced Cyberthreats in 2022 and Beyond

Banks and other businesses in the financial services industry are prime targets for cyberattacks with the plethora of sensitive information contained in customers’ files, especially as more of the world transitioned to online banking and alternative/contactless forms of payment during the pandemic. Now, a new wave of embedded finance, Banking as a Service (BaaS) and other financial technology (FinTech) software is emerging to make online transactions easier for customers but widening the threat landscape even more as a result. In August, Advanced Technology Ventures, a venture capital firm with more than $1.8 billion in assets, was hit by ransomware that led to cybercriminals stealing the personal information of the company’s private investors.

Along with increasing threats, financial institutions must also adhere to regulatory compliance requirements like the Gramm-Leach-Bliley Act (GLBA) or risk regulatory fines. For instance, a data breach impacting 100 million Capital One customers in 2019 led to an $80 million fine for “failure to establish effective risk assessment processes.”

According to a report by the Boston Consulting Group, financial services firms are 300 times as likely as other companies to be targeted by cyberattacks including phishing schemes, ransomware and other malware attacks, and even insider threats. Because of this, financial institutions must take a more proactive approach to cybersecurity or risk devastating data breaches. Financial institutions can take the following steps to ensure their organization is protected, while continuing to adhere to regulatory compliance.

Detect and Manage Threats

Implementing continuous monitoring and threat detection capabilities is essential for bridging the glaring security gaps many banks and financial institutions are facing. Ransomware is often not a one-time event. In fact, it can happen multiple times to the same company. Regardless of whether an organization has had an incident or not, it is important to monitor the entire range of networks and apps across the IT landscape on a continuous basis as opposed to periodic assessments. With this type of constant visibility, companies know if they are compromised or secure.

It is increasingly more important for financial organizations to build a strong foundation by adopting endpoint technologies and other security solutions and processes that formalize their ability to detect cyberattacks at the earliest stage possible. There are a few ways these technologies can help institutions protect themselves, including providing important context into anomalous behaviors, flagging known indicators of compromise and accelerating threat detection and response. Though, detection alone does not stop cybercriminals from attacking. Once suspicious activity that could indicate early steps in an attack are detected, it's important for companies to have controls in place to stop further activity and an incident response plan to mitigate the attack.

Backup and Disaster Recovery

According to the National Cyber Security Alliance, 60 percent of small and midsize businesses that experience a hack go out of business within six months. Because of the significant impacts attacks have on organizations, backup and disaster recovery planning can help businesses quickly recover from attacks such as ransomware. As one of the simplest forms of disaster recovery, a backup entails storing essential company data off-site that can be restored if an attack impacts a business. With good, verified backups, an organization may be down for just a few hours because of the time required to restore from backup.  

Planning for potential disruptions can save an organization not just valuable time, but also significant amounts of money in terms of lost revenue, credibility and recovery services.  A recent report showed that the average total cost of recovery from a ransomware attack can reach up to $2 million. Creating a plan before a disaster takes place also puts organizations in a better position to avoid paying ransoms due to the ability to resume operations. A solid disaster recovery capability can limit the impact of cyberattacks to being a minor disruption rather than an event that ends a company.

Security Leaders Should Report Directly to CEO

Security leaders in financial organizations should report directly to their CEOs and board of directors to ensure security is aligned with the larger business objectives. Just 7% of security leaders report directly to the CEO, according to a recent study from Ponemon Institute and LogRhythm. This reporting structure allows security leaders to directly communicate potential threats to the organization, mitigate risks and influence each function in the organization to create greater security awareness.

Now more than ever, the financial industry must take a proactive approach and invest in cybersecurity solutions that automatically detect malicious behavior and block further access attempts. These steps not only protect companies and the customers they serve but also ensure financial organizations are adhering to regulatory compliance.

Companies must create an incident response and disaster recovery plan that’s updated regularly to properly prepare for external threats and align their plans with the C-suite's overarching business goals. 

7427

Comments: (0)

Matt Sanders

Matt Sanders

Director of Security

LogRhythm

Member since

13 Oct

Location

Boulder

Blog posts

1

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all