7 Cybersecurity Best Practices Financial Firms Should Live By

Share :

According to the 2021 IBM X-Force Threat Intelligence Index , the finance and insurance industry sector experienced the most cyber attacks for the fourth year in a row. It’s no mystery why: Hackers go where the money is.

And according to Verizon’s 2021 Data Breach Investigations Report (DBIR), financial gain was the most common motive in data breaches across all industries: 93 percent of breaches involving companies with fewer than 1,000 employees were financially motivated. For companies with more than 1,000 employees, the 2022 DBIR has reported that 78 percent involved financial motives.

Verizon’s DBIR also found that large organizations uncovered breaches within days or hours in barely half (55 percent) of all cases. Small businesses were less effective, discovering an attack within days in only 47% of cases.

To avoid becoming another breach statistic, we’ve compiled a list of best practices for financial institutions to implement.

Best Cybersecurity Practices For Financial Institutions

1. Establish a Formal Security Framework

There are several core security frameworks to help financial institutions manage cyber risk more effectively.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework

This framework covers best practices in five core areas of information security:


The activities in the identify function are foundational for effective use of the framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts in accordance with its risk management strategy and business needs.


The protect function supports the ability to limit or contain the impact of a potential cybersecurity event.


By developing and implementing appropriate activities to identify the occurrence of a cybersecurity event, the detect function enables timely discovery of cybersecurity events.


By developing and implementing appropriate activities to act upon a detected cybersecurity incident, the respond function supports the ability to contain the impact.


By developing and implementing appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to a cybersecurity incident, the recover function supports timely recovery to normal operations.

Read more about the framework and the definitions provided above.

The Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook

This manual provides a comprehensive list of security guidelines that cover everything from application protection and end-of-life management to vendor management and the rule of least privilege.

By using the NIST and FFIEC guidelines to establish your organization’s baseline security capabilities, adopting the processes for the additional security compliance requirements presents less of a challenge. With a strong foundation already in place, achieving compliance typically requires less time, effort, and expense to achieve.

Gramm-Leach-Bliley Act (GLBA)—Regulates the collection, safekeeping, and use of private financial information.

Payment Card Industry Data Security Standard (PCI DSS)—Sets requirements for companies and organizations that store, process, or transmit cardholder data.

The Sarbanes-Oxley Act (SOX) —Establishes requirements for the secure storage and management of corporate-facing electronic financial records.

Building a robust baseline based on NIST and FFIEC guidelines sends a strong message regarding your organization’s commitment to security and its willingness to adopt best practices.

Closeup of a right hand on a laptop. A man is holding a chart on the left side of the image.

2. Provide Your Employees with Knowledge

The vast majority of malware proliferates through online social engineering schemes that manipulate unsuspecting users to open the door wide for hackers.

One of the most common examples of this is fileless, or zero-footprint, malware. These strains are effective at bypassing firewalls because they take advantage of existing applications rather than attempting to sneak a payload through a web filter.

A user may receive an email from an unknown sender (or worse, from a known contact whose account was compromised) containing a seemingly legitimate Excel spreadsheet or Word document. Upon downloading that attachment, the recipient may be prompted to enable macros, which are legitimate scripts used to run certain tasks.

In reality, however, that macro will issue a command to a remote server to download malware.

Employees are your first line of defense against such threats and they must learn how to spot phishing schemes. Attachments without context or vague subject lines, for example, even when sent from an existing contact, are dead giveaways. Security awareness training can play a critical role in educating employees on cyber threats, influence their behaviors, and support a robust security culture throughout your organization.

Teach identification techniques and other security best practices—like using password managers and logging out of devices before leaving them unattended—to employees to significantly curb the risk of user-driven compromise.

3. Perform Continuous Threat Monitoring

Especially in finance, 24×7 threat monitoring is critical, as the real damage is often done when you’re caught unaware. In fact, our Security Operations Report revealed that 35 percent of threats were detected between 8 p.m. and 8. a.m.

Most data breaches are furtive in nature. After hackers worm their way into your network, they’ll attempt to cover their tracks to allow themselves to become persistent. They sneak in, perhaps after stealing login credentials through a phishing campaign, and then attempt to mask their activity using a series of advanced tactics.

Once they’re inside, the risk multiplies exponentially as they try to move laterally to other systems with sensitive information. This has potentially catastrophic consequences for firms in financial services, as the next step is to create backdoors through which they can slowly siphon data for use in future attack campaigns or—instead— for which to sell on the dark web.

Or, in some cases, hackers will take more direct action.

In 2020, the Federal Bureau of Investigation’s Internet Crime Complaint Center received 19,369 reports pertaining to email compromise where criminals engaged in fraudulent transfers, such as wire fraud, with adjusted losses of over $1.8 billion.

Prior to that, in 2016, in one of the boldest attacks against a financial institution to date, hackers used the SWIFT banking network to wire themselves $81 million after breaching the Bangladesh Central Bank using a series of phishing scams.

These incidents and others like it highlight the significance of real-time threat monitoring. The sooner you detect an indicator of compromise, the more quickly you can take action to prevent harm to your financial institution. Early detection can be the difference between your firm suffering a minor setback or taking a major nosedive.

A line of computer code on a screen.

4. Assess and Manage Vulnerabilities

Entries in the US-CERT Vulnerability Database , which keeps track of vulnerabilities in production code, reached an all-time high in a monthly report released in December 2020. This included a record number of vulnerabilities classified as high severity. The spike may have resulted from the release of applications without sufficient quality assurance as well as a greater reliance on open-source code. Coding provided by third parties to shorten the development cycle may have also contributed.

In 2022, we’ll likely break the record established in 2020. We expect to see an even larger number of identified vulnerabilities due to the rush during the pandemic to support ecommerce and the challenges of developing applications with overworked technical teams that continue to operate remotely.

With the average organization deploying 129 apps , there are ample opportunities for bad actors to find weaknesses. And those are just the apps IT knows about; shadow IT increases the risk further.

No organization can address all vulnerabilities, even with the best IT teams and technology in place. That’s where a vulnerability assessment comes in. They help you:

  • Gain visibility across your environment, allowing you to know which software and systems have weaknesses.
  • Prioritize the most critical vulnerabilities so you can mitigate those first.

Vulnerability management is one of the most effective ways to reduce your attack surface. However, it needs to be done consistently. If you’re only performing vulnerability scans periodically, it’s still not difficult for opportunistic attackers to find their way in.

5. Manage Third-Party Risks

Financial institutions rely on a variety of vendors, suppliers, and partners—and those relationships bring increased exposure to the business. According to IBM’s Cost of a Data Breach Report 2021 , vulnerability in third-party software was the fourth most frequent source of breaches and cost an average of $4.33 million.

Even if you have a strong security posture within your own organization, your adversaries can simply find the weakest link in your supply chain to launch their attack.

Consider the case of data and analytics company Ascension, which serves firms in the financial industry. In 2019, a misconfigured online server exposed 24 million of its financial and banking documents dating back more than a decade. The leak came from a vendor the company used. As a result, personally identifiable and financial data of many large financial services companies was exposed.

Steps that minimize third-party risks:

  • Establishing and verifying the security posture of vendors and partners before engaging them, and conducting periodic reviews throughout the relationship.
  • Requiring business associates, through your service agreements, to maintain security best practices. This includes providing their own employees, contractors, and vendors with security awareness training.
  • Segmenting your network and limiting or prohibiting third-party access to critical assets.
  • Mandating via contract notification requirements for third parties who experience a breach.
  • Monitoring your network for anomalies using a threat detection and response solution.

6. Create a Strong Cybersecurity Culture, Starting at the Top

Cybersecurity should not be considered just an IT problem. A strong cybersecurity culture goes beyond an employee awareness program by positioning cybersecurity as “everyone’s business.” It means that all stakeholders—from the board of directors and the executive leadership down to every line employee—view themselves as a critical part of a strong security posture.

The NIST Cybersecurity Framework has four tiers of implementation that capture how an organization views cybersecurity risk and the processes in place to mitigate it. “Partial” represents the least rigorous and sophisticated approach while “adaptive” is the most.

  • Partial
  • Risk informed
  • Repeatable
  • Adaptive

Each tier considers an organization’s:

  • Current risk management practices
  • Threat environment
  • Legal and regulatory requirements
  • Information-sharing practices
  • Business mission/objectives
  • Supply chain cybersecurity requirements
  • Organizational constraints

NIST encourages organizations to pursue the next tier when the cost–benefit of doing so results in a “cost-effective reduction of cybersecurity risk.”

In a survey of CISOs who were members of the Financial Services Information Sharing and Analysis Center, Deloitte found that one of the core characteristics shared by adaptive organizations with the most successful cybersecurity programs was active involvement from the board and executive leadership team.

With an engaged board and senior leadership that makes cybersecurity a priority, it’s much easier to get buy-in for the resources you need for your cybersecurity initiatives. And when the executive leaders emphasize a cybersecurity culture—and implement programs that align with that culture—it’s much easier to get support from all stakeholders across your organization.

7. Devise Comprehensive Incident Response Plans

Organizations in every industry and size are at risk of a breach. Over the years, we’ve seen hackers broaden their horizons while also industrializing the approach to receive the maximum payoff.

With this in mind, incident response (IR) should never be treated like an ad-hoc process. Assume that you will be breached. Because you will.

Your IT organization should already have a well-defined methodology for an effective response and IR playbooks that can be quickly implemented to quarantine, block, or eliminate malicious network traffic.

But it’s not just frontline security analysts and incident responders who need clear IR protocols. Dealing with a major compromise swiftly is a joint, organization-wide effort. This ties back to having a strong security culture in your organization. Every employee, from the CEO to the summer intern, needs to know the standard operating procedure in the event of a cyber attack.

Incident Response Plan Questions to Ask

  • Whose job is it to inform clients if the breach impacts them?
  • If data gets lost, what should an employee do to try to recover it, or whom should they contact?
  • Who will capture and communicate internal updates regarding the progress of the response effort?
  • Who can make decisions to engage third-party security providers to help with the response effort?

Answering these types of questions ahead of time can reduce post-intrusion confusion and pave a smooth path to recovery.

Developing A Robust Approach to Cybersecurity

Security operations providers can help businesses big and small implement best practices affordably and attain threat monitoring and detection services that can help stop attacks before they do damage.

Given the round-the-clock operations of global cybercriminals, your organization needs access to security experts and 24×7 coverage.

Learn how Arctic Wolf can help your financial institution stay protected and reduce cyber risk.

Is your financial institution secure? Learn how to better improve your security posture with our checklist.

And gain insight into Security Operations for Financial Institutions.

Picture of Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Subscribe to our Monthly Newsletter