As you may expect, the financial services industry is a prime target for cyber-criminals. According to the Sovereign Business Integration Group, the financial sector experiences 300% more cyber-attacks than other industries. Last year alone there were 2,356,000 reported cases of bank account fraud. In the age of digitalization, an increasing number of payment services are being pushed online. We bank online, shop online, pay our bills online, and we may soon be paying our taxes online. The attack surface is growing, and financial service providers must step up their game to ensure that their systems are secure.
In 2017, Lloyds Banking Group suffered a 48-hour cyber-attack as cybercriminals attempted to block access to 20m UK accounts. Additionally, HSBC suffered a denial-of-service attack that left customers unable to access their online banking for the second time in a single month. As I’m sure you already know, the GDPR will soon come into effect (25 May 2018). To save themselves from the fine of €20 million or 4% of their global turnover (whichever is higher), financial service providers are naturally concerned about the robustness of their security strategy.
Ultimately, education is key. Employees will need to be sufficiently trained in data management and compliance regulations, and will need to know how to destroy or dispose of redundant assets securely. Additionally, financial firms will need to collaborate more. They need to understand that they are in it together. As they say, “an attack on one is an attack on all”. They will need to share knowledge about threats, pool their resources, and collaborate on security projects from which they can all benefit.
The reactive approach to cyber-security has to give way to a preventative approach. Historically, following a data breach, firms would carry out a forensic analysis of the breach and adapt their systems accordingly. While it is still necessary for firms to have an incident response plan in place, including protocols for investigating the breach, they must do everything they can to ensure that the breach does not happen in the first place. They will need to build systems that use a combination of artificial intelligence (AI) solutions, adaptive threat analysis systems, and real-time event detection and management solutions.
Since insider threats are still the number one cause of data breaches, financial firms must implement a sophisticated suite of real-time auditing solutions, such as LepideAuditor offered by Lepide. Using this solution, you can detect, alert on and respond to changes made to user accounts, mailbox accounts, critical files, folders, and other objects. You can also detect and manage inactive user accounts, spot anomalous logon failures, and automate the process of reminding users to reset passwords.
Additionally, LepideAuditor is capable of generating over 300 pre-set reports to help with meeting regulatory compliance requirements. Finally, you can use the “threshold alerting” feature to detect and respond to anomalous bulk changes. It can be especially useful for detecting attacks such as ransomware, which make rapid changes to the data, and changes in the configuration of server components.
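
The idea behind threshold alerting on bulk changes, sketched as an added example (this is not LepideAuditor's code or log format): count each user's file changes in a sliding time window and raise one alert per burst. The event fields, user names, paths, the threshold of 25 and the 60-second window are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed audit events: (timestamp, user, action, path). Hypothetical format."""
    base = datetime(2018, 1, 15, 9, 0, 0)
    events = [
        (base + timedelta(minutes=5 * i), "alice", "modify", f"/share/reports/q{i}.xlsx")
        for i in range(4)  # normal activity: 4 changes spread over 15 minutes
    ]
    events += [
        (base + timedelta(minutes=30, seconds=2 * i), "svc-backup", "rename",
         f"/share/finance/doc{i}.docx.locked")
        for i in range(40)  # burst: 40 renames, one every 2 seconds
    ]
    return sorted(events)


def bulk_change_alerts(events, threshold=25, window=timedelta(seconds=60)):
    """Alert when one user makes more than `threshold` changes within `window`.

    `events` must be sorted by timestamp. One alert is raised per burst; the
    user is re-armed once their rate falls back to the threshold or below.
    """
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    alerting = set()             # users currently above the threshold
    alerts = []
    for ts, user, _action, _path in events:
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop changes that aged out of the window
            q.popleft()
        if len(q) > threshold:
            if user not in alerting:
                alerting.add(user)
                alerts.append({"user": user, "first_seen": q[0],
                               "triggered": ts, "count": len(q)})
        else:
            alerting.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in bulk_change_alerts(sample_events()):
        print(alert)
```

Keying the window per user keeps ordinary activity by many users from adding up to a false alert, while a single account changing files at machine speed crosses the threshold within seconds.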