By Matthew Gould | Security Consultant at Nettitude
As our world advances, so does technology and the demand for easier access to the services we use and depend upon throughout our daily lives. Services which are provide by you as an organisation, whom your clients put their trust in to ensure their personal and financial data is protected. Along with the ever-changing technical landscape comes the inevitable race organisations are faced with to remain up to date and secure. As systems increase in size and complexity, so does the strain on resources and the ability to effectively safeguard your systems and the sensitive assets they retain.
Cyber-attacks on banks & financial service providers in recent years have become more prominent. Cyber criminals have evolved with the times and use ever more sophisticated tactics to target organisations. It is not uncommon to hear of well-planned and organised digital campaigns which make use of attack vectors such as spear phishing, or the distribution of highly sophisticated malware, which is designed to fly under the radar of threat detection software. These cyber criminals learn and evolve with the times, and the only way to protect against the threat they pose is to evolve your organisation's security measures to withstand and combat their attacks.
Do you satisfy the NIST Cybersecurity Framework's five functions?
Ask yourself this: Does your organisations current security measures satisfy the following five functions in the event of a cyber-attack?
- Identify – Understanding the cybersecurity risks to your systems, employees, assets, data and capabilities.
- Protect – Having adequate safeguards in place to prevent, contain and limit the impact of a cyber-attack.
- Detect – Having systems, software and procedures in place which can effectively identify and alert to a cyber-attack.
- Respond – Being able to react too and contain a security incident in an appropriate and timely fashion.
- Recover – Have appropriate redundancy’s in place to be able to swiftly restore business capabilities in the event of a security incident.
What steps can an organisation take to protect themselves from cyber-attacks?
Without well planned and implemented cybersecurity measures, your business and sensitive data is at risk of compromise in the event of a successful cyber-attack.
The following are six ways in which an organisation can protect themselves from hackers in the banking sector.
- Assess Your Bank’s Infrastructure and Its Cybersecurity
The infrastructure which hosts your applications and enterprise systems, holds your business data within its databases and serves as the foundation which ensures your business and services are running smoothly on a day-to-day basis, it is of key importance both to business requirements and to maintaining the security of your most sensitive assets.
The enterprise Infrastructure should not only be capable of hosting your current business requirements but should also be designed with the future in mind, allowing for seamless upgrades to add more capacity as the business grows, but more importantly for security. An infrastructure should allow your network and security teams to react to security incidents in a timely fashion and provide uniform system maintenance, configuration and software patching, to protect against developing cyber threats.
To ensure your infrastructure is secure and in compliance with industry best practice and standards, it should be regularly reviewed both internally and from 3rd party security assurance providers, which will provide insight into areas where the security of your enterprise environment can be improved and in turn help protect against cyber threats.
2. Establish an Enterprise-wide Security Policy
A Security policy defines for an organisation and its enterprise systems what secure should look like it handles the standards for what is considered secure behaviour. Security policies can be very in-depth and cover multiple areas of the business estate and its security landscape, in this case Cybersecurity. This section highlights some examples of what could be included in a policy.
When defining a Cybersecurity policy for a bank, with a security mindset you should prioritise the areas or assets of primary importance to the organisation, such as handling sensitive or regulated data. Each primary asset should be reviewed and a plan for how to properly handle and secure the asset should be clearly defined so that the asset is secured against risk and each employee who requires access to that asset has a clear understanding of the process which should be followed.
Furthermore, a policy should be made to cover access management for assets which follows the principle of least privilege, ensuring that no one individual has more permissions or access than they require to perform their role, to help prevent malicious or damaging actions and other security incidents which can occur from incorrect access or human error.
The policy could also be used to assist in security awareness training to educate and remind employees of the approaches and techniques that threat actors adopt within social engineering attacks, which is an important factor for any organisation. A high number of breaches occur due to security unaware employees being targeted by hackers, via social engineering attack vectors such as phishing.
The security policy should also incorporate any regulatory and enterprise compliance requirements, including when to apply patches to maintain compliance, which ties in with point 1. above regarding infrastructure and software patching.
3. Implement Logging and Monitoring
Logging and monitoring are essential to ensuring a business can react quickly and effectively to security incidents. It provides an auditable trail which can be used by your security team to assess the situation and isolate the cause. Without adequate logging and monitoring an attack could go undetected and in the event of compromise, forensic investigation could be hard if not impossible to accomplish.
An organisation could choose to perform in house logging and monitoring using a vulnerability management tool which can help automate threat detection and provide alerts if an incident is detected, this option does have maintenance overhead and is considered less effective than outsourcing to a professional managed security service provider.
A professional managed security service provider, such as Nettitude could handle the security logging, monitoring and scanning of your enterprise estate, removing the maintenance overhead. Some benefits of using a managed service provider include 24-hour monitoring and incident response by trained professionals which will detect and assist in dealing with any alerts, and respond to incidents in real time before or as they occur. The service will also provide a dedicated incident response team who in the event of a catastrophic security breach or severe security incident will be able to work closely with your organisation to isolate and remediate the threat and mitigate any potential fallout, as a result of the bank’s information security breach.
4. Create a Disaster Recovery Plan
In the event of a disaster be it caused by environmental factors, a security breach or anything which may prevent your business from performing its day-to-day business needs, consider what procedures or redundancy you have in place as an organisation to prevent downtime and continue conducting business.
Having a well thought out and implemented disaster recovery plan will help to avoid data loss and minimise business downtime in the event of a disaster which causes disruption to your services. A disaster recovery plan is an essential part of a business continuity plan and it applies to the areas of an enterprise environment which depend on IT infrastructure for business needs.
At minimum, a disaster recovery plan should incorporate guidance for system redundancy which can readily take on the business workload in the event of a main system failure. Further to this for adequate data protection regular encrypted backups of data should be performed, these should be either stored securely in the Cloud or if using physical media, the devices should be stored in a secure, off-site location. Methods for performing data backups vary based on business needs what’s important is that regular backups are performed.
5. Encrypt Your Data
Data is one of the most important assets for any organisation and in turn a high value target for threat actors. Ensuring strong encryption of your data and protecting the decryption keys is an essential part of data security and ensures this valuable and sensitive asset is secure from compromise.
When properly encrypted using a strong, secure encryption algorithm such as, Advanced Encryption Standard (AES) even in the event of a critical security breach or theft your data will be inaccessible without the associated decryption keys. Protecting the data’s, your organisation’s and your client’s confidentiality and integrity.
Encryption within your organisation should not stop at data, you should be adopting encryption for all sensitive digital assets and using it to secure communications between clients and servers, to prevent data loss and compromise within your estate.
6. Implement Multi Factor Authentication
A user account in this case linked to a bank account from the outside looking in, is only as strong as the account security which can be incorporated onto it. The login functionality of your banking website or banking mobile app is publicly available, which means it is one of the most reachable and attractive targets for an attacker. So, it would make sense to implement as much cybersecurity for the bank as possible to this high-risk area.
MFA is intended to mitigate single point security failures and add an extra layer of protection for user accounts. By adding a secondary method of authentication such as, a one-time password, an authenticator app or in the case of modern smart phones the use of biometrics, an attacker is less likely to be able to compromise an account should they obtain valid credentials. Microsoft has stated that 99% of data breaches would not have occurred if MFA had been implemented.
Banks should be enforcing the use of MFA for all user accounts, this should be coupled with other good account security practices such as, a strong password policy and account lockout policy, to reduce the risk of account compromises.
Security and online banking threats & countermeasures are never simple subjects and are the root of many concerns, when it comes to sensitive data and assets. Especially since the introduction of GDPR which focuses on the protection of consumer data. A security breach can come at a hefty cost to an organisation resulting in regulatory fines, reputational damage and in turn loss of business.
Now you should have some insight into the challenges which banks and other organisations are facing in securing themselves against cyber threats and have an understanding of ways in which you can improve your organisation's security measures, to meet the growing demands of this technology driven world.
Find out more on how to prevent cyber-attacks in the banking and financial industries, with expert advice from the Nettitude team.