According to the 2019 “IBM X-Force Threat Intelligence Index” report, “the finance and insurance sector has been the most-attacked industry for three years in a row, with 19 percent of total attacks and incidents in 2018.” As the evolving threat landscape grows, so does customer demand for convenience, raising concerns for those who are ill-prepared. In this environment, being transparent and demonstrating a mature, integrated business and security model is critical for building trust.

Financial Services Firms Face Daunting Challenges

The steady drumbeat of attacks has made security a priority issue for financial services executives. Despite the obvious importance of security for financial services organizations, the level of preparedness across the industry varies and many firms struggle to address increasingly complex challenges. Let’s take a closer look at some of the most common obstacles financial institutions face.

Threats of Systemic Cyberattacks on the Financial Services Industry

Often, larger financial institutions have sophisticated security capabilities, but smaller firms may not. As the industry grows more and more interconnected, the security vulnerabilities of some can increase risks for many across the industry.

Sophisticated Cybercriminals

Criminals are adept at exploiting weak links in the security chain and, once in, can leverage other weaknesses to increase their control, enable repeated access and execute attacks without being detected. As captured in the IBM X-Force Threat Intelligence Index, “Financially-motivated threat actors pose the most significant threat to the financial services industry, with threats from nation state groups in this sector, increasing over the past three years and resulting in the direct theft of millions of dollars from banks around the globe.”

Regulatory Concerns

Financial services firms face stringent cybersecurity regulations, such as 23 NYCRR 500, which places more accountability on senior executives. Also, as financial organizations adopt hybrid cloud, they face more scrutiny by regulators and must ensure workloads in the cloud meet new security standards.

Too Many Disparate Tools

Many institutions have numerous, siloed security tools that add complexity rather than providing insight. When these tools don’t integrate or communicate efficiently, they don’t provide the visibility security teams need to establish seamless, holistic protection, which is required to keep up with today’s threats.

Talent Gaps

The financial services industry, like other industries, is grappling with substantial talent gaps. In contrast, cybercriminals targeting the sector are growing in number, becoming industrialized and beginning to leverage advanced technologies such as artificial intelligence (AI) in their arsenal.

Competitive Threats and Margin Pressures

Financial services institutions strive to continuously innovate and offer differentiated digital experiences while simultaneously demonstrating advanced but nonintrusive security capabilities. Success across these factors reduces churn and allows institutions to alleviate operational costs.

Inadvertent Insiders and Lack of Attention to Security Fundamentals

Frequently, companies lack discipline with elemental security responsibilities. Also, as mentioned in the “IBM X-Force Threat Intelligence Index”, “two of the most prolific ways X-Force researchers have observed inadvertent insiders leaving organizations open to attack is by falling for phishing scams or social engineering, and through the improper configuration of systems, servers, and cloud environments, and by foregoing password best practices.”

Insufficient Capabilities and Preparation for Right of Boom

As executives realize that it is not a question of if they will face a cyberattack, but when, the lack of investment right of boom — in the response and management of a cyberattack after it occurs — raises considerable concern. Often, personnel on the front lines don’t have capabilities such as AI, machine learning and intelligent orchestration, and they face an increasingly difficult task in diagnosing a breach, assessing its size and scope, and responding in the timeframe required by the General Data Protection Regulation (GDPR).

For many firms, the company’s success depends on one or a few individuals who may not have adequate information or experience to take the best actions during the hectic moments of a breach. In addition, many institutions are not prepared to address the increasingly common scenario of attacks launched by internal resources.

Opportunities to Improve Cybersecurity in the Financial Services Industry

To avoid the consequences of a breach, including damage to the corporate brand, loss of digital trust, regulatory impacts or worse, many organizations are taking action. Companies that can address the ever-increasing number of security challenges while also enabling innovative, differentiated experiences for their clients can gain a competitive advantage. Here are some great steps for getting started:

  • Strengthen your defense strategy. Use capabilities such as advanced data intelligence gathering and security analytics optimized with automation and AI to force-multiply your teams’ efforts and assess advanced threats that may have bypassed your controls.
  • Collaborate with industry peers and experts. Don’t go it alone as you prepare to battle threats to individual institutions as well as the industry ecosystem. Leverage communities, cyber range facilities, professional services and intelligence analysis tools to hunt and battle threats and assess and improve your readiness.
  • Practice incident response. Develop and maintain dynamic response playbooks that use AI and machine learning to automatically leverage threat intelligence information and practice your incident response plans with rigor.
  • Increase attention on fundamentals. Focus on core responsibilities, including knowing your assets and inventory, understanding your firm’s vulnerabilities and attack surfaces, classifying sensitive data and tracking usage patterns, using multilevel authentication and layered defenses, ensuring device security, improving patch management and more.
  • Build digital trust. Adopt new approaches to identity and access management (IAM) to enable authentication without imposing on the customer experience. Technologies include passive behavioral biometric approaches that focus on what and who you are rather than what you know.
  • Innovate while improving defenses and manage risk with enterprise cloud security. Pursue accelerated growth and the benefits of hybrid cloud while securing data and workloads in the cloud.
  • Get ahead of compliance. Leverage technology to understand how your firm’s regulatory obligation exposure is changing over time.
  • Foster a security-oriented culture and expand executive involvement. Work to make security a central focus for all employees and elevate security beyond the responsibility of the chief information security officer (CISO) alone.

Progressive companies are offering compelling, personalized customer experiences while building financial services cybersecurity operations that are data-driven, flexible and scalable. Firms that do not have strong cyber capabilities and an effective incident response plan are setting themselves up for the worst-case scenario associated with a breach.

Learn more at the IBM Security Banking and Financial Markets site
