< BACK TO BLOG

12 May, 2021
by Arctic Wolf

7 Cybersecurity Best Practices Financial Firms Should Live By

According to the IBM X-Force Threat Intelligence Index 2020, for the fourth year in a row, the Finance and Insurance sector was the industry that experienced the greatest number of cyberattacks.

It’s no mystery why: Hackers go where the money is.

According to Verizon’s 2019 Data Breach Investigations Report, financial gain was the most common motive in data breaches across all industries, with 71 per cent of breaches financially motivated. And in the financial and insurance sector, the number was even higher: 88 per cent.

Furthermore, the majority of midmarket companies (with 250-499 employees) surveyed by Cisco experienced a breach, indicating that smaller companies are an increasingly attractive target. The survey also found that one-fifth of those victimised said the breach cost them more than $1 million. And it’s not just small companies who are at risk. Major companies around the world are also experiencing attacks in greater numbers and in scope.

To avoid becoming another breach statistic, financial institutions should always follow these best cybersecurity practices:

Cybersecurity Best Practices For Financial Institutions

1. Establish a Formal Security Framework

There are currently several core security frameworks to help financial institutions manage cyber risk more effectively. These include:

The National Institute of Standards and Technology (NIST) Cybersecurity Framework:

This framework covers best practices in five core areas of information security – Identify, Protect, Detect, Respond and Recover.

The Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook:

This manual provides a comprehensive list of security guidelines that cover everything from application protection and end-of-life management to supplier management and the rule of least privilege.

Use the NIST and FFIEC guidelines to start establishing baseline security capabilities that make the compliance processes for GLBA, PCI DSS and SOX standards easier.

2. Arm Your Employees with Knowledge

The vast majority of malware proliferates through online social engineering schemes that manipulate unsuspecting users into opening the door wide for hackers.

One of the most common examples of this is fileless – or zero-footprint – malware. These strains are effective at bypassing firewalls, since they take advantage of existing applications rather than attempting to sneak a payload through a web filter.

A user may receive an email from an unknown sender (or worse, from a known contact whose account was compromised) containing a seemingly legitimate Excel spreadsheet or Word document. Upon downloading that attachment, the recipient may be prompted to enable macros, which are legitimate scripts used to run certain tasks.

But in reality, that macro will issue a command to a remote server to download malware.

Employees are your first line of defence against such threats. All those involved in the lines of business must learn how to spot phishing schemes. Attachments without context or vague subject lines, for example, even when sent from an existing contact, are dead giveaways.

Teach employees these identification techniques and other security best practices, such as using password managers and logging out of devices before leaving them unattended, to significantly curb the risk of user-driven compromise.

3. Perform Continuous Threat Monitoring

Especially in finance, 24×7 threat monitoring is critical, as the real damage is often done when you’re caught unaware. In fact, our Security Operations Report has revealed that 35% of threats were detected between 8 p.m. and 8. a.m.

The majority of data breaches are furtive in nature. After hackers worm their way onto your network, they’ll attempt to cover their tracks in order to be persistent. They sneak in, perhaps by first stealing login credentials through a phishing campaign, then they attempt to mask their activity using a series of advanced tactics.

Once they’re inside, the risk multiplies exponentially as they try to move laterally to other systems with sensitive information. This has potentially catastrophic consequences for firms in financial services, as the next step is to create backdoors through which they can slowly siphon data for use in future attack campaigns or to sell on the dark web.

In some cases, hackers will take more direct action.

In one of the boldest attacks against a financial institution to date, hackers used the SWIFT banking network in 2016 to wire themselves $81 million after breaching the Bangladesh Central Bank using a series of phishing scams.

This incident – and others like it – highlight the significance of real-time threat monitoring. The sooner you detect an indicator of compromise, the more quickly you can take action to prevent harm to your financial institution. And early detection can be the difference between a minor setback and a major nosedive.

4. Assess and Manage Vulnerabilities

The IBM X-Force report found that more than 140,000 software vulnerabilities were reported just in the past three years – a significant increase over previous years. Additionally, organisations had 1,440 unique vulnerabilities on average. The researchers noted this was the direct result of an increased attack surface, as the adoption of new technology such as the Internet of Things (IoT) adds more contact points that attackers can exploit.

With the average organisation deploying 129 apps, there are ample opportunities for bad actors to find weaknesses. And that’s just the apps IT knows about – shadow IT increases the risk. Gartner estimates that a third of successful attacks next year will involve shadow IT.

No organisation can address all vulnerabilities, even with the best IT teams and technology in place. That’s where a vulnerability assessment comes in. They help you:

Gain visibility across your environment, allowing you to know what software and systems have weaknesses.
Prioritise the most critical vulnerabilities so you can mitigate those first.

Vulnerability management is one of the most effective ways to reduce your attack surface. However, it needs to be done consistently. If you’re only performing vulnerability scans periodically, it’s still not difficult for opportunistic attackers to find their way in.

5. Manage Third-Party Risks

Financial institutions rely on a variety of suppliers and partners – and those relationships bring exposure to the business.

Even if you have a strong security posture, your adversaries can simply find the weakest link in your supply chain.

Consider the case of data and analytics company Ascention, which serves financial institutions. In 2019, a misconfigured online server exposed 24 million financial and banking documents dating back more than a decade. The leak was due to a supplier that the company used. As a result, customers of numerous financial institutions had personally identifiable as well as financial data exposed.

Across all sectors, Ponemon Institute found that companies share information with an average of 583 third parties, and 59 per cent of those surveyed said they’ve experienced a breach due to a third party. Yet only about a third kept an inventory of their third parties and even fewer – 16 per cent – said they effectively mitigated the risks.

Steps that minimise third-party risks include:

Establishing and verifying security posture for suppliers and partners.
Requiring business associates, through your service agreements, to maintain security best practices.
Segmenting your network and limiting third-party access to critical assets.
Monitoring your network for anomalies by using a threat detection and response solution.

6. Create a Strong Cybersecurity Culture, Starting at the Top

A strong cybersecurity culture goes beyond an employee awareness programme, by positioning cybersecurity as ‘everyone’s business’, not just an IT problem. It means that all stakeholders – from the board of directors and the executive leadership down to every line employee – view themselves as a critical part of a strong security posture.

The NIST Cybersecurity Framework has four tiers of implementation, with the most-rigorous tier 4 being ‘adaptive’.

In a survey of CISOs who were members of the Financial Services Information Sharing and Analysis Center (FS-ISAC), Deloitte found one of the core characteristics shared by adaptive organisations with the most-successful cybersecurity programmes included active involvement from the board and executive leadership team.

With an engaged board and senior leadership that makes cybersecurity a priority, it’s much easier to get buy-in for the resources you need for your cybersecurity initiatives. And when the executive leaders emphasise a cybersecurity culture – and implement programmes that align with that culture – it’s much easier to get buy-in from all stakeholders across your organisation.

7. Devise Comprehensive Incident Response Plans

Incident response (IR) should never be treated like an ad-hoc process. Assume that you will be breached. Because you will.

Your IT organisation should already have a well-defined methodology and IR playbooks that can be quickly implemented to quarantine, block or eliminate malicious network traffic.

But it’s not just frontline security analysts and incident responders that need clear IR protocols. Dealing with a major compromise swiftly is a joint, organisation-wide effort. This ties back to having a strong security culture in your organisation. Every employee, from the CEO to the summer intern, needs to know the standard operating procedure in the event of a cyberattack.

For example, whose job is it to inform clients if the breach has impacted them? If data has been lost, what should an employee do to try to recover it, or who should they contact? Answering these types of questions ahead of time can reduce post-intrusion confusion and pave a smooth path to recovery.

A Robust Approach to Cybersecurity

With SOC-as-a-service, businesses of every size can implement best practices affordably and attain threat monitoring and detection services that can help stop attacks before they do damage. Interested in finding out more? Learn how SOC-as-a-service can help your organisation and discover how Arctic Wolf can help enhance security at your financial organisation.

Additional Resources

Join the conversation with Arctic Wolf on Facebook, Twitter, LinkedIn and YouTube
Visit arcticwolf.com to learn more about our security operations solutions
If you’re ready to get started, request a demo or get a quote today

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

Continue Reading

Series of blue lines with a browser icon.

A Brief History of Cybercrime

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

COMPANY