According to a recent IBM X-Force report, the financial services sector experienced the largest number of cyber-attacks of any industry in 2016. 58% of those attacks originated with insiders, but only 5% involved malicious insiders; the remainder were inadvertent, for example an employee falling for a phishing email or mishandling data. External attackers still accounted for the other 42%, so both kinds of threat have to be addressed. Below are some of the key steps financial firms can take in order to protect their sensitive data:
Classify data by sensitivity
Classifying data according to its importance and sensitivity is the foundation for everything that follows, because access controls, monitoring and retention rules all depend on knowing which data matters most. Trade and investment data, internal research, customer account records and the output of other business processes should each be classified, and the classification should drive who can access the data and how closely that access is watched.
Ensure proper staff training
As mentioned, the majority of cyber-attacks involve insiders, and most of those are mistakes rather than malice. A comprehensive training programme is therefore essential. Employees must be able to recognise phishing and other social-engineering attempts, know how to report them, and understand the correct way to handle data of each classification.
Security before workflow
As a starting point, restrict the use of portable devices (removable storage can be blocked or made read-only through Group Policy) and adopt a process that removes redundant data and inactive user accounts in a timely manner. A dormant account that nobody owns is an ideal foothold for an attacker, because its use is unlikely to be noticed. Real-time event detection and reporting software such as LepideAuditor can detect inactive user accounts and automate actions such as removal, movement or modification. You will also need to review the security risks associated with installing new applications, engaging third-party service providers and similar changes before they are rolled out, rather than after.
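The following is an added example of the inactive-account clean-up described above, written here for this article; it is not LepideAuditor's code or any script from the original page. It assumes the ActiveDirectory RSAT module, an account permitted to modify users, and placeholder values for the inactivity threshold, the quarantine OU and the log path, which would be replaced with your own.

```powershell
# Added example: find user accounts that have not logged on for $InactiveDays days,
# disable them, move them to a quarantine OU and record what was done.
# Assumes the ActiveDirectory module and rights to modify user objects.
Import-Module ActiveDirectory

$InactiveDays = 90                                  # placeholder threshold
$QuarantineOU = 'OU=Disabled,DC=example,DC=com'     # placeholder OU, replace with yours
$LogFile      = 'C:\Audit\inactive-accounts.csv'    # placeholder log path

# -AccountInactive relies on lastLogonTimeStamp, which replicates with up to
# ~14 days of slack, so the effective threshold is a little longer than requested.
# -UsersOnly excludes computer accounts. Accounts created less than $InactiveDays
# ago are skipped because they may simply not have been used yet.
$cutoff = (Get-Date).AddDays(-$InactiveDays)
$stale  = Search-ADAccount -UsersOnly -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) |
    Where-Object { $_.Enabled } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties LastLogonDate, whenCreated } |
    Where-Object { $_.whenCreated -lt $cutoff }

foreach ($u in $stale) {
    # Disable rather than delete: the SID, group memberships and any mailbox link
    # remain recoverable, and deletion can be a separate, reviewed step later.
    Disable-ADAccount -Identity $u
    Set-ADUser -Identity $u -Description ("Disabled {0:yyyy-MM-dd}: inactive for {1} days" -f (Get-Date), $InactiveDays)
    Move-ADObject -Identity $u.DistinguishedName -TargetPath $QuarantineOU

    # Append an audit record so the action is traceable to a time and an operator.
    [pscustomobject]@{
        When           = (Get-Date).ToString('s')
        SamAccountName = $u.SamAccountName
        LastLogonDate  = $u.LastLogonDate
        Operator       = "$env:USERDOMAIN\$env:USERNAME"
    } | Export-Csv -Path $LogFile -Append -NoTypeInformation
}
```

Run it first with `Disable-ADAccount`, `Set-ADUser` and `Move-ADObject` prefixed by `-WhatIf` to review the candidate list; service accounts that authenticate without interactive logons can show up as inactive and should be excluded explicitly before the script is scheduled.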
Perform regular patching
Running out-of-date software with known vulnerabilities is one of the biggest avoidable risks. It is essential to have a process that enforces timely, periodic patching of every device in the workplace, including servers, network equipment and third-party applications, not only workstations. Critical patches should be prioritised by severity and exposure rather than applied on a fixed monthly cycle. The process must also be documented: record which patch was applied, to which system, the date and time, and the individual responsible, so that exceptions and missed systems can be identified.
Incident response plan
Let's face it: the chances are you will be breached at some point. To limit the damage, you must have a plan in place to deal with a breach quickly and efficiently, covering who is notified, how affected systems are isolated, and how evidence is preserved. You must also test and rehearse the plan regularly to confirm that it works. LepideAuditor supports an incident response plan by notifying you in real time, by email or through the LepideAuditor App, of critical changes to server components. You can choose to run a customised script when an unwanted change is detected; for example, a script that disables a user who has deleted multiple files. Automated responses like this need a threshold and an exclusion list, otherwise a backup or migration job can trigger them. The built-in Object State Restoration Technology lets you roll back changes made to Active Directory objects, object permissions and Group Policies.
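As an added illustration of the "disable a user who deleted multiple files" response, here is a stand-alone script written for this article. It is not LepideAuditor's script and does not use its API; it reads the Windows Security log directly. It assumes that object-access auditing (Audit File System) is enabled and a SACL is set on the share so that event 4660 ("An object was deleted") is generated, that it runs on the file server under an account allowed to disable users, and that the threshold, time window, service-account names and event source are placeholders.

```powershell
# Added example: count file-deletion audit events per user over a short window and
# disable any account that exceeds a threshold, recording the action in the
# Application log. Assumes Audit File System is enabled and the ActiveDirectory module.
Import-Module ActiveDirectory

$WindowMinutes   = 10                              # placeholder window
$Threshold       = 50                              # placeholder deletion count
$ServiceAccounts = @('backupsvc', 'dfsr-svc')      # placeholder names never to disable
$Source          = 'IR-Automation'                 # placeholder event source

# Register the event source once so Write-EventLog can use it.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

# Event 4660 is raised once per deleted object and carries the deleting account
# in SubjectDomainName/SubjectUserName.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4660
    StartTime = (Get-Date).AddMinutes(-$WindowMinutes)
} -ErrorAction SilentlyContinue

# Read the fields from the event XML rather than parsing the localised Message text.
$offenders = $events | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
    '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
} | Group-Object | Where-Object { $_.Count -ge $Threshold }

foreach ($g in $offenders) {
    $domain, $sam = $g.Name -split '\\', 2
    # Skip machine accounts (trailing '$') and known service accounts, which delete
    # large numbers of files legitimately during backups and replication.
    if ($sam.EndsWith('$') -or $sam -in $ServiceAccounts) { continue }

    Disable-ADAccount -Identity $sam
    $msg = "Disabled $domain\$sam after $($g.Count) deletions in $WindowMinutes minutes on $env:COMPUTERNAME"
    Write-EventLog -LogName Application -Source $Source -EventId 1001 -EntryType Warning -Message $msg
}
```

Schedule the script every few minutes and forward event 1001 to whoever is on call; disabling an account is reversible, but it is still a disruptive action, so the threshold should be set well above the normal deletion rate observed over a few weeks of baseline data.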
Scan your network regularly
In addition to patching, periodically scan your network to identify security holes, including vulnerable endpoints and unauthorised devices that an attacker could exploit. A scan also verifies that the patching process is actually working: a system that still reports an old version after patch day is either missing from the inventory or failed to update.
Enforce “least privilege” access
Each user should hold only the privileges their current role requires. You will need a process that keeps track of user privileges, identifies when they change, and determines when they should be revoked. For example, when someone leaves the organisation or moves to a different department, their access rights must be revoked or updated immediately to prevent misuse of privileges they no longer need; membership of administrative groups deserves particular attention, because it is the most valuable target for an attacker. Using LepideAuditor, you can report on current access permissions and automatically detect, alert on and respond to important changes to those permissions. You can also use LepideAuditor to reverse changes to Active Directory users' permissions back to a known-good state, keeping your least-privilege policy intact.
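One way to keep track of privileged access without a commercial tool, added here as an example rather than taken from the page or from Lepide, is to snapshot the membership of the privileged groups to a baseline and report every difference on the next run. The script below assumes the ActiveDirectory module; the baseline path and the list of groups are placeholders to adjust for your forest.

```powershell
# Added example: record who is in the privileged AD groups and report anyone added
# or removed since the previous run. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$BaselinePath = 'C:\Audit\privileged-baseline.json'          # placeholder path
$Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
            'Administrators', 'Account Operators')             # placeholder list

# -Recursive expands nested groups, so a user placed in a group that is itself a
# member of Domain Admins is still counted as privileged.
$current = @{}
foreach ($g in $Groups) {
    $current[$g] = @(Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName |
        Sort-Object -Unique)
}

if (Test-Path $BaselinePath) {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    foreach ($g in $Groups) {
        $old     = @($baseline.$g)
        $added   = @($current[$g] | Where-Object { $_ -notin $old })
        $removed = @($old | Where-Object { $_ -notin $current[$g] })
        foreach ($a in $added)   { Write-Warning "$a was ADDED to '$g' since the last baseline" }
        foreach ($r in $removed) { Write-Warning "$r was REMOVED from '$g' since the last baseline" }
    }
} else {
    Write-Host "No baseline at $BaselinePath; creating one from the current membership."
}

# Store the current membership as the new baseline. Keep the previous files (for
# example in version control or a SIEM) so the history of changes is not lost.
$current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
```

An addition that nobody raised a change request for is the finding to chase; the same approach extends to ACLs on sensitive file shares by snapshotting `(Get-Acl $path).Access` instead of group membership.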
Operating system “hardening”
Operating systems ship with a wide range of software and services enabled by default that are not only unnecessary for most roles but also widen the attack surface: every listening service is another component that has to be patched and could be exploited. Remove or disable all applications and services that provide no operational function, and change any default passwords immediately, as default credentials for common products are publicly documented. Apply the same baseline consistently, for example through Group Policy, so that a newly built server is hardened in the same way as the existing ones.