OFFICIAL PUBLICATION OF THE WEST VIRGINIA BANKERS ASSOCIATION

Pub. 13 2022 Issue 4

Why A Holistic Approach to Cybersecurity in the Banking Industry Is Beneficial

In the growing digital landscape, cyberattacks have become more prevalent, sophisticated, and damaging. For businesses relying on a strong working network, the cost of a cyberattack has never been higher. In 2021, IBM estimated that organizations spend more than $4 million on average for each ransomware attack or
security breach.

One of the sectors most affected is the banking sector. Due to financial institutions owning private, proprietary information and data linked to consumer finances, they are a prime target for cybersecurity attacks. The top threats currently impacting the financial sector are ransomware, phishing, and Distributed Denial of Service (DDoS) attacks.

According to a study from Kenneth Research:

  • There were more than 105 data breaches in the banking/credit/financial sector in the U.S. in 2019.
  • From 2020-2021, the finance sector witnessed over 225 incidents of web application attacks.
  • Phishing attacks in the finance sector during the first quarter of 2022 were more than 23%.

Faced with multiple threats, organizations – especially those in the banking industry – need to rethink their cybersecurity to ensure they can collect, correlate, and analyze security information from all IT systems and networks, enabling rapid detection and remediation.

Cybersecurity Solutions

Solutions that could mitigate these cybersecurity issues are:

  • DDoS Protection: Distributed Denial of Service (DDoS) attacks can strike at any time with potentially devastating effects to your network. At a minimum, these assaults compromise your user/customers’ experience and can often shut down networks completely, resulting in lost productivity, revenue and costly bandwidth charges. With these attacks becoming a regular threat to the online business community, it pays to be prepared. DDoS protection prevents these crippling attacks before they hit your network in real time to prevent disruptions and the possibility of cybercriminals demanding a ransom to restore service.
  • Private Networks and Fiber Infrastructure: Public networks require encryption, a necessary overhead that reduces speed but a private network internet provides the resiliency necessary to ensure data integrity and is completely isolated from the public. Data that moves across a dedicated private network is not accessible to anyone outside the private network while in transit. Enterprise banks can also benefit from the added security of private fiber infrastructure depending on their chosen regional carrier.
  • Outsourcing a Security Operations Center: One of the biggest decisions companies face is whether or not to build, deploy and maintain an in-house security operations center. Companies will quickly understand that outsourcing this service will benefit them in cost savings and simplify the need for expertise, ongoing resources and future exposure possibilities. Security Operations Center as a Service (SOCaaS) provides a Security Incident and Event Management (SIEM) platform and an expert-staffed team of advanced analysts, security engineers, threat hunters, and threat intelligence managers. Both can actively monitor devices on the network edge increasingly exposed by cybercriminals getting through traditional obstacles like firewalls and antivirus software.

Consider a Hybrid IT Architecture: Utilizing colocation by partnering with a reputable regional data center provider with a private infrastructure, complies with regulatory security requirements and more will help protect your data.
Cyberattacks are more advanced than ever, and yesterday’s preventative tactics of simply using firewalls and antivirus software are no longer adequate. Malware can be attached to emails, banner ads, or websites and can provide access to a company’s network through an internal device. Intrusion detection and prevention systems (IDS/IPS) alone are
not enough.

What Should Banking Leaders Do?

The number of unfilled cyber positions is kind of staggering, and finance – particularly banking – is one of the more competitive verticals, so banking executives are likely looking for people. They are also facing increasingly more stringent requirements to obtain cyber insurance or to comply with the Gramm-Leach-Bliley Act (GLBA) and Payment Card Industry (PCI) requirements. In addition, partner financial institutions may add additional cybersecurity requirements to participate in these partnerships (smaller regional banks will feel this in particular).

What Should be Done Internally as a Company

Create An Effective Incident Response Policy: A cyber-incident response plan is critical. Not having a formal plan that includes in-house security experts and tools will cause confusion and difficulty in navigating a security incident. Plans may depend entirely on internal resources for large financial institutions. For small institutions having a reputable cyber incident response organization on retainer would be best. Regardless of organization size, regular review of the response plan and annual full tests, including tabletop exercises, should be required. Finally, a comprehensive risk review and assessment should be completed and shared with the leadership team and, where appropriate, the board of directors.

Employee Training: Providing educational training to teach employees the variety of attack vectors can offer a robust defense against cybersecurity attacks.

Implement Monitoring and Analytics Tools: Security leaders can implement monitoring and analytics tools that provide detective and corrective controls, including security information and event management (SIEM) and user and entity behavior analytics (UEBA) tools. These tools can provide specific indicators of compromised passwords, including concurrent logins from different locations or unknown endpoint devices that can assist detection.

Overall, downtime due to data breaches or non-compliance can cripple a business, causing financial issues and impacting one’s business operations. Relying on firewalls and antivirus software is no longer enough to protect an organization against threats – a holistic approach to cybersecurity is needed. The solutions and steps mentioned above will help provide a well-rounded approach to getting effective cybersecurity within the banking industry. 

Jim Mundy is the Director of Security Operations at Segra. Before joining Segra, he worked as a Sales Engineer, Sales Engineering Manager and Product Manager for companies in the telecommunications and managed service provider space. Jim is a Certified Information Systems Security Professional (CISSP) and has recently held Cisco professional-level network and voice certifications. He has also worked as an entrepreneur – starting an ISP, PaxNet, in Greenville, South Carolina, which he later sold to NewSouth Communications. Jim began his telecommunications career in a family-owned cable television company.