Written by John Checco
John Checco is an information security expert, providing security expertise in a variety of industries. He is currently Head of the CISO Advisory Board on Financial Services for Proofpoint and President Emeritus of the New York Metro InfraGard Members Alliance (an FBI public-private partnership program).
Since the beginning of the COVID-19 pandemic, financial institutions have launched a wave of cloud-based initiatives to help employees with remote access. In addition, changes in the way customers interact with institutions are pushing these companies toward digitization initiatives for “Banking Anywhere, Anywhere Mobile” that enabled them to connect with and maintain their customer base during the pandemic.
With the growing need to support a wide variety of remote users, maintain business resilience, and adapt to federal regulations, financial institution executives and regulators also face increased security risks that can arise with these rapid changes. In some cases, organizations that have relaxed rigid security protocols to meet changing user needs may not be prepared to build their resilience to internal and external security threats.
Vulnerabilities in financial networks
Cyber threat actors are rapidly adopting techniques, tools, and procedures to exploit security vulnerabilities resulting from the expansion of capabilities in the cloud, and are creating new ways to infiltrate the corporate networks that financial firms share to conduct day-to-day operations. Since 2020, Proofpoint has seen a significant increase in the number of cyber threat actors targeting the networks we monitor, particularly through cloud and supply chain vulnerabilities.
Some of these risks are exacerbated by the reliance on legacy transactional systems that are still in use, even though they are fragile systems with limited support and migrating to the cloud may not be feasible. Because of their outdated architectures, the security controls in many of these systems were often added over time and not designed to interact with today’s more modern systems, making them more vulnerable to financial fraud and insider threats. Additionally, we’re seeing more sophisticated attacks using social engineering email tactics or credential dumps from previous hacks that leave employees vulnerable to account takeover attempts.
The financial services sector (FinServ) is unique in that institutions encompass a wide range of financial activities such as banking, investment and insurance that rely on an interconnected network of underlying service providers, including their own competitors. As a result, hackers have more opportunities to meddle in the middle of financial transactions and infiltrate a wider network of financial operations.
Vulnerabilities in the network
These concerns – and the risk of insider threats – have grown and become more acute with the dramatic increase in teleworkers. Such insiders can be either negligent users who accidentally break policies while trying to do their work remotely, or malicious users who want to benefit from or harm the company.
Financial regulators will have an important role to play in adapting the FinServ sector to new staffing needs, as certain compliance regulations have been created on the assumption that there are certain physical and logistical separations in an office environment.
While the relaxation of regulations during the pandemic allows institutions to continue their operations, it inadvertently creates greater security and compliance issues. As a result, new solutions are needed to help institutions ensure that their employees continue to adhere to compliance standards. For example, in 2000 we saw easements removed to enable companies to cope with this challenge. However, what regulators and institutions later discovered were more widespread cases of non-malicious collusion between companies.
By working to establish new compliance standards for zero trust security practices, the financial sector can implement a number of tools and guidelines that will help mitigate risk across the network.
For example, multi-factor, risk-based authentication and conditional access across the enterprise can be combined with other tools that isolate inward-looking browsers to limit data loss, much like tools that isolate outward-looking browsers. And today, modern insider threat management solutions can apply user behavior analysis and anomaly detection that go beyond basic triggers such as bandwidth usage and login attempts, and include advanced detection capabilities that indicate when a security threat needs to be investigated.
Introduction of a data-driven, human-centered security approach
Cyber criminals are becoming more organized and are sharing information stemming from multiple security breaches and known visibility gaps. As a result, the FinServ sector needs to improve its information exchange practices. While the federal government has practiced strong cooperation across the sector as part of the Analysis and Resilience Center (ARC), the exponential rate at which threat actors are compromising networks requires a stronger response from both federal agencies and industry.
At Proofpoint, we believe that a people-centric approach to security can better equip business leaders with insight into the cyber attackers and the profile types of the targeted employees. This risk-based approach enables targeted security spending where it makes the most sense.
We work with a global network of customers every day to detect and block advanced threats, and use over 8,000 gateways in public and private organizations to gather information about which companies are being attacked within a given sector and create contextual security awareness for our customers.
Our ability to share security data behind the scenes not only gives companies a better chance of increasing the visibility of their cyber risks, but also of predicting future threats.
And we can strengthen the security posture of our customers with a variety of other security tools. For example, Domain-based Message Authentication, Reporting, and Conformance (DMARC) solutions enable companies to identify their trusted vendors’ email domains and set inbound email policies that block traffic from senders who do not have an approved IP address or the correct cryptographic signature. Organizations can also manage access in-house using tools like the Nexus People Risk Explorer, which alerts security teams when employees may have too much access or are currently under attack.
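The DMARC decision described above, sketched as an added example (not Proofpoint's code): a receiver accepts a message only if SPF (the approved-IP check) or DKIM (the cryptographic signature) passes for a domain aligned with the visible From domain. Function names, the `.example` domains and the two-label organizational-domain shortcut are assumptions of this sketch; the `sp` and `pct` tags are ignored.

```python
# Added example: simplified DMARC evaluation (after RFC 7489), not vendor code.
from dataclasses import dataclass

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record into a tag dict with default alignment modes."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment by default
    return tags

def org_domain(domain: str) -> str:
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

@dataclass
class Message:  # constructed summary of one inbound message's auth results
    from_domain: str   # domain in the visible From header
    spf_pass: bool
    spf_domain: str    # MAIL FROM domain that SPF evaluated
    dkim_pass: bool
    dkim_domain: str   # d= value of the DKIM signature

def evaluate(record: str, msg: Message) -> str:
    """Return 'pass' or the published disposition (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.from_domain, tags["aspf"])
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.from_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"].lower()

# Constructed sample: a vendor publishing a reject policy with strict DKIM alignment.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@vendor.example"
LEGIT = Message("vendor.example", True, "bounce.vendor.example", True, "vendor.example")
SPOOF = Message("vendor.example", True, "attacker.example", False, "")
THIRD = Message("vendor.example", False, "esp.example", True, "mail.vendor.example")

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("spoof", SPOOF), ("third-party", THIRD)]:
        print(name, evaluate(RECORD, m))
```

The third sample shows a common deployment failure: mail signed by a subdomain is rejected under strict DKIM alignment (`adkim=s`) but would pass under the relaxed default.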
Finally, my biggest recommendation to FinServ’s industry leaders and regulators is to take a moment and take a deep breath. The pandemic has brought many challenges that are both within our control and beyond our control. But as long as we continue to work openly and collaborate across industries, the financial sector will ultimately emerge stronger.