The financial sector continues to be one of the most heavily attacked industries, so it makes sense that it consistently spends more than others on cybersecurity. Bank of America, for instance, claimed just last year that it spends more than a billion dollars a year on cybersecurity. Much of that spending is, no doubt, driven by the 1,300% increase in ransomware attacks.
Cybercriminals are targeting more banks with ransomware attacks because they know most banks and their wealthy clients can afford to pay the hefty ransoms to keep their personal details private. It makes sense, then, that the industry is willing to spare no expense to ensure the sensitive information of rich and powerful clients remains private even in the event of a cyber attack.
A new generation of cyber threat intelligence (CTI) and network inspection tools has helped in this fight by providing better visibility into the evolving threat landscape. But visibility isn’t enough. All of these threats need to be analyzed and ranked, either by machines or by humans, so decisions can be made about how to deal with them.
Someone, or rather something, has to aggregate, filter, correlate, and rank them before taking action. Many are mistakenly identified as threats or are considered harmless, while others are ticking time bombs ready to explode. And the sheer volume of new and existing threats makes this process increasingly difficult to keep up with.
This is a challenge even for companies with security budgets large enough to acquire the best tools and hire a team of skilled threat analysts. Having the latest technology helps, but the best intelligence is only as good as the team’s ability to use it. Moreover, with most solutions focusing on identifying and stopping threats from outside the network, how can a financial institution make sure it’s providing the same level of protection from potential threats coming from within the organization? Operationalizing threat intelligence is the key.
According to the most recent Data Breach Investigations Report from Verizon, 44% of the breaches at financial firms were caused by internal actors. While the majority of incidents by internal actors were accidental, a capable CTI solution certainly would have recognized the indicators of compromise (IoCs) related to these accidental incidents and helped prevent them. So either these companies didn’t have a solution in place, or the intelligence wasn’t acted on to prevent the breach.
For their part, next-gen firewalls and other advanced network inspection tools are limited for two primary reasons. First, creating new rules for every evolving threat signature is increasingly difficult to keep up with, especially with malware variants multiplying so rapidly. Second, traffic inspection can only be done on unencrypted data packets, but the decryption/re-encryption process is very resource-intensive and can quickly overwhelm the devices doing this. The fix, of course, is to continue spending money on bigger devices or simply adding more of them. As you can imagine, that can get very expensive from a hardware perspective and a management perspective.
Another option that IT teams often default to is forgoing these larger devices and instead using their existing solution to set arbitrary thresholds that determine which potential threats get blocked and which don’t. IT teams often let less risky traffic through because blocking it often means blocking legitimate traffic that was incorrectly flagged as malicious. This is the tradeoff teams make every day: do they block all lower-risk traffic, or err on the side of maintaining application performance?
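To make the aggregate, filter, correlate and rank workflow and the threshold tradeoff concrete, here is a small added example in Python. It is not Centripetal's code or any part of the CleanINTERNET service; the feeds, indicator values (all from IANA documentation ranges and `.example` names), feed reliability weights, the 80/50 block and alert thresholds, and the allowlist are all constructed for illustration. It merges several indicator feeds into one record per unique indicator, combines sightings from different feeds into a single confidence score (treating each sighting as independent evidence), and applies a block threshold with an allowlist so that the institution's own infrastructure, mislabelled by one feed, is surfaced as a likely false positive instead of being blocked.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample feeds (not real threat data). Each feed carries an
# analyst-assigned reliability weight (0..1) and entries of
# (indicator value, kind, feed-reported confidence 0..100, tag).
FEEDS = {
    "feed_a": {"weight": 0.9, "entries": [
        ("203.0.113.10", "ip", 90, "c2"),
        ("malicious.example", "domain", 80, "phishing"),
        ("198.51.100.7", "ip", 60, "scanner"),
        ("192.0.2.5", "ip", 90, "scanner"),       # constructed: our own scanner, mislabelled
    ]},
    "feed_b": {"weight": 0.6, "entries": [
        ("203.0.113.10", "ip", 70, "c2"),
        ("198.51.100.7", "ip", 50, "scanner"),
        ("cdn.partner.example", "domain", 40, "suspicious"),
    ]},
    "feed_c": {"weight": 0.5, "entries": [
        ("malicious.example", "domain", 60, "phishing"),
        ("bad-cdn.example", "domain", 30, "suspicious"),
    ]},
}

# Constructed allowlist: the institution's own public range and a partner CDN.
ALLOW_NETS = [ip_network("192.0.2.0/24")]
ALLOW_DOMAINS = {"cdn.partner.example"}

BLOCK_THRESHOLD = 80.0   # assumed policy: block at or above this score
ALERT_THRESHOLD = 50.0   # assumed policy: alert an analyst between the two


@dataclass
class Indicator:
    value: str
    kind: str                                    # "ip" or "domain"
    sightings: list = field(default_factory=list)  # (feed name, weight, confidence)
    tags: set = field(default_factory=set)

    def score(self) -> float:
        # Probabilistic OR over sightings: each contributes weight * confidence / 100,
        # so two medium-confidence feeds agreeing outweigh one low-reliability feed alone.
        miss = 1.0
        for _feed, weight, conf in self.sightings:
            miss *= 1.0 - weight * conf / 100.0
        return round(100.0 * (1.0 - miss), 2)


def aggregate(feeds: dict) -> dict[str, Indicator]:
    """Merge feed entries into one record per unique indicator (de-duplication)."""
    merged: dict[str, Indicator] = {}
    for name, feed in feeds.items():
        for value, kind, conf, tag in feed["entries"]:
            key = value.lower()
            ind = merged.setdefault(key, Indicator(value=key, kind=kind))
            ind.sightings.append((name, feed["weight"], conf))
            ind.tags.add(tag)
    return merged


def is_allowlisted(ind: Indicator) -> bool:
    if ind.kind == "ip":
        addr = ip_address(ind.value)
        return any(addr in net for net in ALLOW_NETS)
    return ind.value in ALLOW_DOMAINS


def decide(ind: Indicator) -> str:
    """Rank the indicator into an action; allowlist wins over any score."""
    if is_allowlisted(ind):
        return "allow"
    s = ind.score()
    if s >= BLOCK_THRESHOLD:
        return "block"
    if s >= ALERT_THRESHOLD:
        return "alert"
    return "ignore"


def run_pipeline(feeds: dict = FEEDS):
    merged = aggregate(feeds)
    decisions = {v: decide(ind) for v, ind in merged.items()}
    summary = {
        "raw_entries": sum(len(f["entries"]) for f in feeds.values()),
        "unique_indicators": len(merged),
    }
    for action in ("block", "alert", "ignore", "allow"):
        summary[action] = sum(1 for a in decisions.values() if a == action)
    return merged, decisions, summary


if __name__ == "__main__":
    merged, decisions, summary = run_pipeline()
    for value, ind in sorted(merged.items(), key=lambda kv: -kv[1].score()):
        print(f"{value:22} {ind.score():6.2f} {decisions[value]:6} "
              f"feeds={[s[0] for s in ind.sightings]} tags={sorted(ind.tags)}")
    print(summary)
```

Two design points are worth noting. Scoring before thresholding means the threshold is applied to corroborated evidence rather than to whatever a single feed reported, which is what lets a team raise the block threshold without silently dropping real threats that several feeds agree on. And the allowlist check runs first, so an indicator such as the constructed `192.0.2.5` (which would score above the block threshold) is reported as "allow" for analyst review instead of taking a business system offline; in practice that allowlist is the institution's own asset inventory, and any hit against it is itself worth investigating.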
If a bank or insurance company is large enough to afford a full team of threat analysts on their SecOps team, they can be much more efficient in blocking the right traffic and reducing the exposure to seemingly innocuous threats. But we know most organizations don’t have that luxury with 95% of security professionals admitting that the skills shortage in their organizations continues to be a big problem.
When you consider this and the fact that 44% of the breaches in the financial services industry were caused by internal actors, you can understand why traditional threat intel and network inspection solutions are not preventing attacks many consider to be totally preventable. The volume of alerts produced by these solutions is simply too much to analyze. Plus, the alerts are reactive in nature and designed to help analyze incidents after an event has occurred. A better solution is to prevent incidents from happening in the first place.
Centripetal CleanINTERNET goes beyond traditional cyber threat intelligence with a fully managed service that automatically shields malicious inbound and outbound traffic from an organization’s network. In addition to its automated shielding, the service includes an elite team of threat hunting specialists that provides real-time protection through advanced threat detection (ATD).
This type of cyber threat intelligence as a service greatly reduces the tremendous noise and false positives that regularly consume cybersecurity teams and helps overcome the persistent cybersecurity skills shortage. What’s more, by reducing all bad traffic from the network, the CleanINTERNET service shrinks the volume of events, alerts, and log data of firewall, IDS/IPS, and SIEM platforms by up to 70%, boosting the efficiency of existing security defenses.
If you’re a bank or financial firm concerned about adequately protecting yourself and your customers, maybe it’s time to consider cyber threat intelligence as a service.
We can show you how CleanINTERNET has helped small and midsized organizations like yours not only improve their cybersecurity but also reduce the cost and implementation effort traditionally associated with advanced threat protection.
Contact the Centripetal Sales team here for more information.