Handling Security for BFSI
The Banking, Financial Services and Insurance (BFSI) sector encompasses a broad range of businesses that provide exceptional value to, and underpin deep confidence in, the world's economy. Over time, the major shift in business has been towards cost-effective ways to improve business output and performance, and to deliver resilient, innovative products and services with an enhanced user experience that meets customer demands while retaining loyalty and trust. As organizations extend their services to derive business value, they are navigating a landscape full of challenges.
Corporate, business and technology innovations to spur growth and cut costs are leading to higher levels of cyber risk. According to PWC's Global Economic Crime Survey, cybercrime is one of the most reported economic crimes, with financial institutions being the prime targets. The cyber security landscape, especially for financial institutions, is evolving day by day in volume, sophistication and impact, with multiple advanced attack vectors.
Threats to financial institutions are existential, complex and difficult to manage over the long run. This, combined with the complexity (and scale) of specialized applications and diverse technology mapping, creates a business ecosystem full of complex threat vectors that attracts multiple cyber adversaries.
Deloitte found that in the financial services sector, 88% of attacks are successful in less than a day, but only 21% are discovered within a day.
In the past, financial institutions installed comprehensive threat monitoring solutions to detect potentially destructive attack vectors or frauds that would result in loss of client / investor confidence. This is no longer enough.
Financial institutions today require professionals with cyber security skill sets who have a clear knowledge of multiple types of threats and who can identify indicator of compromise (IOC) patterns across multiple assets in the organization. This would help the institutions better predict cyber threat campaigns in progress with advanced threat intelligence and monitoring.
Figure 1: Key transitions across the financial sector
Advanced Cyber Security Threats
Intel Security recently released a report in which, per their analysis, 82% of respondents report a shortage of cybersecurity services, with more than 71% of respondents reporting that this shortage has caused direct and measurable damage. As per the 2016 Financial Industry report by Secure Scorecard, they detected malware in nearly half of the largest 20 US commercial banks.
The following key findings were identified across the financial institutions:
- Generic Malware was found in 15 out of 20 commercial banks
- Ponyloader was found in 14 out of 20 commercial banks
- Vertexnet was found in 9 out of 20 commercial banks
- Keybase was found in 8 out of 20 commercial banks
- Malware events were detected across all 20 commercial banks over the past 365 days
- Over 422 malware events were detected in just one of the commercial banks over the past year
- A total of 788 malware events were detected in all 20 commercial banks over the past 365 days
Listed below are some of the leading cyber security threat categories which are potential attack vectors for financial institutions:
- Targeted attacks
- Drive-by downloads
- Information Leakage
- Worms / Trojans
- Code Injection Attacks
- Exploit Kits
- Physical damage, Theft
- Denial of Service (DoS) / Distributed Denial of Service (DDoS)
- Identity theft / fraud
- Ransomware / Scareware
- Data Breaches
Such cyber security events lead to data breaches, and data breaches lead to identity theft, which is then used to hack into customers' accounts. These fraudulent activities generally cannot be detected, as the system views them as authentic transactions. Thus, the lack of an effective cyber security framework and the way security is handled across businesses have left industries open to multiple attack vectors, resulting in reputation damage and data loss.
Need for a comprehensive Cyber Security Framework
Financial institutions, primarily banks, are the prime targets among all corporates that handle sensitive data, since financial data is the most sought after by hackers. As cyber risks grow across this sector, the supply of qualified cyber security professionals is stretched thin among corporates, governments and hacking organizations.
Classic Example: Breach at Barclays Bank
- The attack on Barclays is a reminder that despite heavy investment in IT risk management, banks are still very vulnerable to cyber-attacks. In the breach, the attackers obtained customers' personally identifiable information and personal health information such as their names, phone numbers, passport numbers, mortgages, savings, medical information etc.
- The data breach put Barclays under investigation by the Financial Conduct Authority (FCA) and the Information Commissioner's Office, which has the potential to impose fines on organizations for failing to protect private data.
To increase security detection and prevention capabilities across financial business units, organizations must seek to capitalize on a comprehensive cyber security framework whose key ingredients are organization strategy, talent, processes and technical security requirements. Employers that require wide experience in risk assessment and mitigation as a qualification for the security professionals on their team can be more confident in the skills of those employees and in their understanding of evolving threats and priorities.
Having a comprehensive security framework assists in having:
- Improved IT security operations: It helps define and optimize the security strategy for applications and infrastructure, so users and customers experience fewer security challenges and incidents, which improves the user experience.
- Security Effectiveness: Security response is a competitive differentiator for any business and is strategic to the business. Agile response to security requirements allows organizations to react quickly to incidents in the financial ecosystem.
- System Resilience: It helps in planning for security management to avoid prolonged security outages, minimizing service level recovery time.
- Optimized Security Operations: It helps to understand and build a Security Operations Center (SOC) team, which can constantly monitor the security risk indicators for the physical infrastructure and maximize the productivity of all the security solutions and their usage in the environment. It also helps to increase the efficacy of security staff across segregated areas to improve the potential for identifying risks and security improvements across key business zones.
Without the combination of a cyber security risk strategy and practical experience of securing infrastructure, applications and associated implementations – businesses are highly susceptible to cyber-attacks and generally tend to fail on the security side.
A cyber security framework can create more specific cyber security strategies and maturity roadmaps for organizations handling more complex cyber security challenges. The focus of an organization should be to:
- Evolve and align the Cyber Security Program with the business continuity objectives
- Manage cyber readiness and preparation processes at all levels of the organization across all security areas
- Use advanced cyber security analytics and monitoring solutions to provide the threat analysis and business context to enable rapid response
- Transcend intelligence, surveillance, and brand monitoring capabilities to reduce exposure and threat profiles
- Identify and detect breaches and define secure code development parameters to provide focused managed threat solutions
- Define a strategy around threat response, containment, and eradication - including cyber takedown, recovery, and forensics
Today, financial institutions and businesses are challenged to defend their environment due to the lack of a comprehensive cyber security framework. As per the Intel Security key findings, one in three says a shortage of skills makes their organizations more desirable hacking targets. One in four says insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyber-attack. A robust security strategy requires a skilled workforce, and industry-specific experience and security management add value to the overall equation, especially for financial institutions.