Table of Contents
Financial sector cybersecurity teams already face intense pressure from regulatory bodies and cybercriminals. The impending recession and skills shortages just add more pressure vectors. Relief may lie in affordable automation.
Attacks on the financial sector are highly motivated (by the money) and very targeted. Financial sector victims don’t get selected through random scanning. The attackers are persistent and will use sophisticated methods to penetrate the victim because the reward value justifies the time, effort, and cost of doing so.
Banks are motivated to stop attacks before any reputational damage can be done. Customers need to have high confidence in these institutions to invest or deposit their money. Breaking that trust can have catastrophic consequences, from losing market share to ‘cyber-runs’ where customers (try to) withdraw their cash following a cyber attack. The appearance of security is a cornerstone of any bank’s brand image.
Financially minded executives will also weigh the potential costs of insecurity. The cost of downtime for an hour, a day, or a month will be calculated and will be taken into account when considering the value of cybersecurity efforts. Financial institutions don’t have a fundamentally different approach to cybersecurity than any other organization. The variance is more dependent on the size of the bank and the cost of a potential attack.
Is Cybersecurity Recession-Proof?
Up to a point, a certain bare-minimum level of cybersecurity is non-discretionary. To partially defend is to leave the organization wide open. A minimal level of protection will make the organization a harder target and fend off the broad driftnet attacks that look for easy ways into the organization, (IE, open remote-controlled ports, open vulnerabilities, anything that can be scanned). But motivated attackers could still find a way through.
A layered defense (defense-in-depth) is always the best practice because no technology stops all attacks and human interaction or misconfiguration can leave unseen gaps in the defenses. Security teams have to balance the level of security with their budgets and always look to improve and build justifications at a business level for those improvements.
Financial sector cybersecurity budgets can vary a lot from one institution to the next. Smaller financial institutions like credit unions simply can’t afford the number of defensive layers that the larger banks can count on. Cybersecurity operators might not like to hear this, but their small budgets can get even smaller. Bankers are conservative—as I mentioned before—and they will look at the simple equation of the potential cost of a breach compared to how much they are paying to prevent it.
Security groups have to understand the business model of their employer and work within those realities and needs. They need to assess the technologies they have from the perspective of “must haves” and “nice to haves” and make the hard choices. Otherwise, those choices will be made for them on a cost-only basis rather than a cost-to-value basis.
One positive for the operator is that their jobs are very safe. With the scarcity of cybersecurity talent (714,548 U.S. cybersecurity openings at the time of writing), there is—and will be—demand for their services. Worryingly, that number is set to increase. Many experienced professionals could leave the industry in the next 12 months, citing various factors leading to ‘cybersecurity burnout.’
Financial Sector Cybersecurity Compliance Concerns
The financial sector’s cybersecurity efforts face more regulation than any other industry. An international banking organization could potentially comply with requirements from over than a dozen different regulatory bodies (e.g. ISO/IES 27001, NIST, SOX, FFIEC PCI DSS, BSA, GLBA, FINRA, PSD 2, Bill C-11, OSFI, EU-GDPR, GB-GDPR), all with varying levels of obligation. Regulatory compliance can be arduous, but it exists to protect the customer and generally does so well.
However, just ‘ticking the boxes’ doesn’t necessarily result in good cybersecurity. You only need to look at the breaches that continue to happen at some of the most highly regulated companies to know that much. Any cybersecurity strategy needs to conform to the needs of the network it protects and the resources available to the team.
Even the smallest financial institutions are required to follow FFIEC guidelines for good security hygiene. Unfortunately, limited budgets and staff in smaller organizations can lead to the “tick the box” mentality that in itself leads to siloed architectures that create gaps in defenses. The more appropriate architecture will create an interlocking system of technologies that integrate together and enhance the performance and operations of the system.
Relieving the Pressure With Automation (at a Low Cost)
Investment in automation and orchestration is an area where the financial sector’s cybersecurity can still improve. When applied well, automation can take care of the endless menial tasks (sifting through alerts, retrieving logs, identifying malware, etc) that some operators are still performing. Automating responses can help cybersecurity operators spend fewer nights at the office and get back to their families earlier.
The key to increasing effectiveness and efficiency at a lower cost is to create an environment where remediation is automated and contextual data for deeper action is provided in a concise and easy-to-understand format. Just providing the operators more data or events to process is moving in the wrong direction. Automatically remediate the obvious (like interaction with a known bad location) and provide context for further research if required.
In 35 years in the security industry, I have never heard “we don’t have enough to do” from any security team. The problem is the opposite. The industry is experiencing extreme burnout with individuals leaving the profession when even more are needed. Security professionals typically are working in the 60-80 week range in a lot of cases. They need technologies that will give them time back in their day so they can move towards better work/life balance. Giving them more data to process is not the answer. Automation and operational efficiency are the answers, especially in a recession where headcount growth may be unattainable.
The choice to turn down the pressure lies in your hands. Lumu Defender lets SOC teams automate the remediation of confirmed compromise incidents—at a price point that makes it affordable for even the smallest financial institutions. I encourage you to open a Lumu Free account, so you can start to measure the impact of cybercrime across your entire network infrastructure.