Three new security strategies for financial services
Financial institutions are known for having the most robust security measures of any industry. Still, in a recent survey, Skybox Security’s “Cybersecurity in the new normal” report found that 68% of banking and financial executives are concerned their distributed workforces have introduced new risks. This is higher than in any other sector.
Executive concern is well-founded. VMware found that cyberattacks against the financial sector increased by over 200% from February to April 2020 amid the COVID-19 surge. Even with best-of-breed point solutions and strict policies to dictate security standards, new types of emerging security issues threaten the financial services sector. According to Accenture, “emerging technologies, especially deepfakes and 5G,” are advancing cyber threats in the industry while its “supply chains introduce increasingly connected attack surfaces”.
In addition to contending with the threat landscape, chief information and security officers (CISOs) in financial services face increased complexity and risk when implementing changes in their environments. In particular, the shift to a remote workforce practically overnight necessitated a significant number of policy and infrastructure changes. All aspects of these changes must be carefully considered and documented due to the increased regulatory and compliance scrutiny and risk associated with them. For financial institutions, continuous compliance is a “must-have” rather than a “nice to have”.
Continuous compliance remains a challenge because many organisations lack contextual data and understanding from both security and network infrastructure to validate changes properly. As security teams scramble to determine which new rules and policies are required, they can fail to incorporate existing network topologies and configurations into their analysis before implementing new policies. This, combined with siloed vulnerability and policy management technologies, contributes to new policies and rules not being properly validated, vulnerabilities being exposed, and new systemic risk being introduced.
Here are three strategies that can help:
- Get a full understanding of your attack surface before making policy changes.
With COVID-19, the shift to digital transactions and remote work has dramatically expanded the attack surface. According to a Skybox Security survey on securing the distributed workforce, only 17% of security executives at financial service organisations feel “very confident” in their ability to maintain a holistic view of their attack surfaces. Traditional approaches are falling short: data is often isolated between solutions from multiple vendors, providing only fleeting glimpses into overall security posture.
Developing security policies and rules without first understanding the complete context of changes relative to the attack surface increases the likelihood that new risks will be introduced. Before developing and implementing new rules and policies, both security and network teams need to gain an end-to-end understanding of their attack surfaces to analyse the impact of all potential policy and rule changes.
- Validate policies and rules with full network context prior to implementation.
The remote workforce, new regulations, data migration to the cloud, and a diminishing perimeter mean rapid and continuous changes in policies and network configurations. Without validating changes with full context across the organisation, changes and deployment of new policies can introduce significant new risks.
Validating security policies and configurations across hybrid networks before they are deployed is key to minimising risks. Automated closed-loop workflows for firewall rule creation, recertification and de-provisioning help close security gaps, limit vulnerability exposures, and maintain continuous compliance. Proactive firewall rule change assessment and guidance enable effective prioritisation.
- Proactively simulate policy changes to verify they do not expose vulnerabilities.
Vulnerabilities across the network are often unintentionally exposed when new rules and policies are implemented. Establishing a security posture management approach that incorporates network context and wide-ranging remediation options, combined with policy change validation, is crucial for securing ever-changing environments. With insight into vulnerabilities and their closure, security teams can take informed and focused action to re-configure policies that narrow the overall attack surface.
By conducting exposure analysis and attack simulation, security teams can gain insights from network topology and security controls that protect or expose vulnerable assets. This enables teams to prioritise addressing exposed vulnerabilities that require immediate attention and determine which remediation option is the best approach (patching is not always the best answer).
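The pre-change check described in the second and third strategies can be sketched as follows. This is an added example, not code from the article or from any vendor product; the rule model (first match wins, implicit default deny), the names `Rule`, `VulnService`, `reachable` and `newly_exposed`, and all addresses and findings are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # destination TCP port; 0 means any port

@dataclass(frozen=True)
class VulnService:
    host: str
    port: int
    finding: str  # placeholder label from a vulnerability scan

def reachable(rules, src_ip, dst_ip, port):
    """Evaluate an ordered ruleset: first match wins, implicit default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action == "allow"
    return False

def newly_exposed(current, proposed, probes, vulns):
    """Vulnerable services reachable under the proposed rules but not the current ones."""
    return [(zone, v)
            for zone, src_ip in probes.items()
            for v in vulns
            if reachable(proposed, src_ip, v.host, v.port)
            and not reachable(current, src_ip, v.host, v.port)]

# Constructed sample data: a remote-access change that widens VPN reach.
CURRENT = [Rule("allow", "10.8.0.0/24", "10.20.0.0/24", 443)]
PROPOSED = [Rule("allow", "10.8.0.0/24", "10.20.0.0/16", 0)] + CURRENT
PROBES = {"vpn": "10.8.0.5", "internet": "203.0.113.10"}  # one sample source per zone
VULNS = [
    VulnService("10.20.0.15", 443, "FINDING-A (placeholder)"),   # already reachable
    VulnService("10.20.5.7", 3389, "FINDING-B (placeholder)"),   # exposed by the change
    VulnService("10.30.1.4", 445, "FINDING-C (placeholder)"),    # outside the new rule
]

if __name__ == "__main__":
    for zone, v in newly_exposed(CURRENT, PROPOSED, PROBES, VULNS):
        print(f"BLOCK CHANGE: {zone} would reach {v.host}:{v.port} ({v.finding})")
```

A result that is not empty gives the change reviewer the remediation choice the article mentions: narrow the rule, patch the service, or add a compensating control before deployment.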