In 2018 banking customers suffered dozens of digital banking shutdowns, revealing the sheer scale of ICT incidents that banks face. This followed the initiative led by the Financial Conduct Authority (FCA) to force UK banks to disclose the number of operational and security incidents that have occurred, an initiative that brings British financial organisations into line with the EU’s new payment services directive (PSD2).
The IT shutdown data highlighted the frequency of security or operational incidents which impacted banks’ ability to provide a safe, secure and stable service to customers. For banks, revealing this information is both a challenge and an opportunity. Firstly, it can make them vulnerable to public criticism and reputation damage. At the same time, this is an opportunity to demonstrate that they are trustworthy, secure and are keeping cyber resilience top of mind, which is a competitive differentiator.
In most cases, cyberattacks are a matter of “when” not “if”, and one thing is clear from incidents over the past year – cyberattacks and data breaches can paralyse organisations on a national and international scale, creating havoc, resulting in a shutdown of essential services and data loss. Cybercriminals can be located anywhere in the world, and even the best-run company could suffer from an attack or data breach.
Though cyber security is now firmly on the boardroom’s agenda and a priority for the majority of organisations, many still find it difficult to put in place the right measures required to safeguard employees, customers and the organisation as a whole against attacks.
Although banks are making a determined effort to improve their security, attackers continually innovate, so the threat landscape is ever changing and advancing. Organisations therefore need to be proactive in implementing and testing their cyber defences.
Adopting a back-to-basics approach with Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) can be used as an early warning system to detect and contain potential threats before they become incidents. This intelligence is essential for any business as cybersecurity threats become increasingly indiscriminate.
Once you are aware of relevant threats and vulnerabilities, then you will understand where and how these can be exploited and the impact that this may have on the business as well as individuals. CTI gives organisations visibility into their landscape, and identifies which areas need to be mitigated as a priority.
While banks need to be concerned with the next strain of malware, many of the variants will seek to exploit existing vulnerabilities that may have already been patched. A great first step as a preventative approach is combining vulnerability management with threat intelligence.
For example, for the Microsoft Server Message Block (SMB) vulnerability last year, there was a patch available several weeks before it was exploited by serious ransomware variants, enabling organisations to get ahead of the issue.
Awareness of the threat landscape is essential if banks are to understand what could be exploited and utilised for future cyber-attacks. As soon as Microsoft patched the SMB vulnerability, organisations were able to prioritise the patch as they were equipped with contextual threat intelligence data.
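One way to combine vulnerability management with threat intelligence, as described above, is to re-rank scanner findings using exploitation context. This is an added example, not code from the original article; the hosts, vulnerability identifiers, intelligence fields and weights are all constructed placeholders.

```python
# Added example: rank scanner findings using threat-intelligence context.
# All hosts, identifiers, scores and weights are constructed placeholders.
FINDINGS = [
    {"asset": "hr-portal-02", "vuln": "VULN-WEB-PLACEHOLDER",
     "severity": 9.8, "patch_available": True, "business_critical": False},
    {"asset": "payments-gw-01", "vuln": "VULN-SMB-PLACEHOLDER",
     "severity": 8.1, "patch_available": True, "business_critical": True},
    {"asset": "branch-fs-07", "vuln": "VULN-SMB-PLACEHOLDER",
     "severity": 8.1, "patch_available": True, "business_critical": False},
    {"asset": "atm-ctl-03", "vuln": "VULN-VPN-PLACEHOLDER",
     "severity": 6.5, "patch_available": False, "business_critical": True},
]

# Intelligence keyed by vulnerability id; an absent key means no reporting yet.
THREAT_INTEL = {
    "VULN-SMB-PLACEHOLDER": {"exploited_in_wild": True, "ransomware_use": True},
    "VULN-VPN-PLACEHOLDER": {"exploited_in_wild": True, "ransomware_use": False},
}

# Assumed weights: observed exploitation outweighs raw severity alone.
W_EXPLOITED, W_RANSOMWARE, W_CRITICAL = 5.0, 3.0, 2.0


def priority(finding, intel):
    """Severity plus bonuses for active exploitation and business impact."""
    ctx = intel.get(finding["vuln"], {})
    score = finding["severity"]
    score += W_EXPLOITED if ctx.get("exploited_in_wild") else 0
    score += W_RANSOMWARE if ctx.get("ransomware_use") else 0
    score += W_CRITICAL if finding["business_critical"] else 0
    return round(score, 1)


def action(finding, intel):
    """Exploited and patchable: patch now. Exploited, no patch: contain."""
    exploited = intel.get(finding["vuln"], {}).get("exploited_in_wild", False)
    if not exploited:
        return "scheduled patch cycle"
    if finding["patch_available"]:
        return "patch immediately"
    return "apply compensating control"


def prioritise(findings, intel):
    """Return findings sorted by descending priority, with the next action."""
    rows = [{**f, "priority": priority(f, intel), "action": action(f, intel)}
            for f in findings]
    return sorted(rows, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for row in prioritise(FINDINGS, THREAT_INTEL):
        print(f'{row["priority"]:>5}  {row["asset"]:<15} {row["action"]}')
```

With this sample data the highest raw severity score (the HR portal finding) drops to the bottom of the queue, because no exploitation has been reported for it, while the exploited SMB findings rise to the top.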
Regrettably, there will always be instances where variants of ransomware are successful and it is critical that banks have a robust business continuity and disaster recovery plan, as part of an overarching operational resilience framework. This should include how to respond to such incidents, combined with the ability to quickly restore affected data and systems with minimal impact to operations.
Stay proactive to threats or attacks
With organisations continuing to adopt cloud services, the digital age is seeing an increase in blurred lines for network perimeters. Consequently, there is often data located in various places, making it harder to detect and analyse cyberattacks fast. A reactive approach to attacks is therefore not good enough. In today’s world, cybercrime is inevitable. It is how organisations plan for it, however, that makes the difference.
Looking ahead, artificial intelligence (AI) and automation will become critical components in environments that foster a proactive security approach. A blended approach of human analytical skills, underpinned by security automation and orchestration, will be necessary to address real issues such as alarm fatigue.
As the industry faces the reality of the increasing cyber skills gap, automated threat intelligence enrichment for incidents, which frees up valuable analyst time, will be necessary.
Organisations need to be aware of the vast variety of internal and external channels criminals can use to infiltrate the company and gain access to data, and take proactive steps to safeguard it. Ensuring a compliant business environment that will help protect an organisation, its employees and customers needs to be absolutely front of mind.
Customer trust has never been so valuable or hard to come by, and as such it has never been more important for banks to be open and honest about the incidents they face and their resilience to such threats. It is therefore paramount for organisations across industry sectors to collaborate and share information.