Protecting Your Data Against Cyberattacks
Criminals follow the money, making financial services firms a top target for cyberattacks. Financial services firms fall victim to cyberattacks roughly one billion times per year, according to Forbes, which is approximately 2,000 attacks per minute or over 30 attacks per second, costing each firm approximately $18 million.
Additionally, as reported by ITSP Magazine:
- The average data breach cost for financial institutions rose 5% to $7 million per breach in 2017.
- The average cost to the financial industry per record lost or stolen during a breach was $336, compared with a cost per record of $225 for U.S. businesses.
What’s happening? The threat landscape has changed: less time passes between the emergence of a vulnerability and the attack, attacks cost less to launch, they are easier to monetize, and launching one requires less sophistication. This is all leading to a huge increase in the number of attacks impacting organizations every day.
Adding to these challenges are staffing issues ranging from an acute shortage of cybersecurity professionals to overworked security analysts. According to new research from Critical Start, Security Operations Center (SOC) analysts continue to face an overwhelming number of alerts each day that are taking longer to investigate, leading five times as many SOC analysts this year to believe their primary job responsibility is simply to “reduce the time it takes to investigate alerts.” The research reflects what the industry is seeing – as SOCs get overwhelmed with alerts, they are beginning to ignore low- to medium-priority alerts, turn off or tune out noisy security applications and try to hire more people in an attempt to keep up. Combine that stressful work environment with a lack of training, and it becomes clear why SOC analyst churn rates are so high, which only results in enterprises being more exposed to risk and security threats.
Evaluating your cybersecurity posture is critical to maintaining integrity with your members, employees and the industry as a whole. If you’re looking for a starting point, here are some key considerations.
- Ensure you have a senior-level executive on your team dedicated to overseeing your cybersecurity program. Ideally, they should be a member of your C-suite or your chief security officer.
- Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and test for specific vulnerabilities in those priority areas.
- Perform a perimeter penetration assessment. Test the specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
- Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture and include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review; network security controls; Windows platform assessments; privileged account access; vulnerability management processes; management of mobile devices; investigation, blocking and response capabilities; and user awareness training.
- Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what you paid for.
Another step is to consider implementing a managed detection and response (MDR) solution. An MDR solution can aid your internal team in detecting cybersecurity threats in a particular environment. MDR performs a series of functions, including analyzing the types of risks to which your organization may be exposed and helping you determine what the most critical threats are and take preemptive steps to close those doors to cyber thieves.
If you already outsource security functions, be sure to:
- Find out how your provider deals with alert fatigue. Alert fatigue sets in when the volume of alerts exceeds an organization’s capability to properly triage or analyze what currently exists in the queue. Most often, the response is to cut off entire priority levels of alerts, with organizations deciding to deal with only the critical alerts, which can lead to breaches.
- Gain transparency or complete visibility into your service provider’s operations. Some providers have taken the approach that the tools they use don’t need to equal the capabilities that the consumer has. Find out what’s happening behind the scenes – why are some alerts ignored? What criteria are they using when deciding which alerts to deal with?
Security is a complex and evolving area. While threats are a concern for every enterprise, the threat is even greater for financial institutions due to the sensitive nature of the information they keep. While the tips outlined above are a good start in securing your organization’s sensitive information, consult with cybersecurity professionals to help assess your current situation, address immediate threats and put together a strategic cybersecurity program for your institution.
Callie Guenther is a CyberSOC Data Scientist for Critical Start. She can be reached at callie.guenther@criticalstart.com.