Protecting financial institutions from nation-state attacks

The International Monetary Fund has warned that financial institutions around the world must be prepared for increased cyber threats. Due to the nature of financial services, the sector is seen as a lucrative target, with identity theft and credential compromise emerging as key vulnerabilities. CrowdStrike’s Scott Jarkoff shares five steps to building a robust defense.

The financial services industry is a frequent target of nation-state threat actors who are defined by their political motivations. To understand the reasons behind this, we need to consider the key goals of nation-state actors.

For example, CrowdStrike’s threat team has identified patterns where Chinese threat actors align their actions with China’s national five-year plan. The goals of CCP-backed threat actors include stealing intellectual property and gathering foreign intelligence in order to exert power and influence over other countries.

Similarly, nation-state actors from North Korea are tailoring their attacks to the goals of the National Economic Development Plan and specifically monetary gain, through targeted attacks on cryptocurrency exchanges and fintech companies with ready cash.

At worst, nation-state cyber actors can also target critical infrastructure such as transportation systems, airports, and major banks, crossing the cyber landscape and potentially bringing cities to a standstill through access to connected industrial facilities.

For leaders of financial services institutions, the threat of attack is real. So how can leaders mitigate cyber risk? Five key steps to take:

1) Deploy comprehensive cloud-native technology to deliver mission-critical visibility

Financial services organizations need cloud-native security solutions that provide end-to-end visibility and protection across multiple environments, including on-premises and cloud infrastructure.

In addition, comprehensive cloud-native technology equips the organization with modern applications designed to reduce time-consuming operational tasks, empower systems with agility and speed, and remove blind spots for greater network visibility. This creates a holistic view of the network and removes the need for organizations to rely on disconnected and siloed resources, making everything clear to teams.

2) Augment technology with human-led threat hunting

Deploying threat detection capabilities increases the benefits of visibility by providing information to recognize typical behaviors and patterns of cybercriminals – enabling organizations to detect potential threats and intervene before a cyber attack occurs. Knowing an adversary’s common behavior patterns also allows cyber leaders to identify a known adversary much more quickly, leading to faster detection and response.

Leveraging both human-driven threat detection and advanced technology can provide businesses with peace of mind and 24/7 protection. It is important to note that while AI is extremely advanced, there are some gaps where continuous human oversight and contextual understanding is required to maximize protection.

3) Secure your identity

Organizations are under pressure to ensure the security of their enterprise infrastructure and assets, including data. As adversaries increasingly leverage stolen employee credentials, modern identity protection and management tools must be built into the entire organization to mitigate this threat.

Organizations can use cybersecurity measures such as multi-factor authentication, identity and privileged access management, and user behavior analysis to detect and prevent unauthorized access attempts. This will also allow legacy users who need authorization for a wide range of digital resources to access important documents without needing separate authentication systems and identity stores to perform their tasks.

4) Focus defensive efforts on adversary behavior

Businesses can increase the effectiveness of their cybersecurity efforts by adopting an adversary-centric approach. Once a specific adversary is detected, smart systems are then able to respond in a strategic way that eliminates the adversary while alerting and protecting the entire enterprise.

By tracking and correlating different data sources from around the world—such as network traffic, endpoint telemetry, and threat intelligence—organizations can identify patterns and anomalies associated with malicious activity before it ever reaches their country. This proactive approach enables better detection and response to emerging threats before they can cause significant damage to the organization, customers and wider supply chains.

5) Know your opponent

According to CrowdStrike research, there will be a staggering 130% increase in nation-state intrusions into Asia Pacific and Japan financial services entities by 2022. As the saying goes, “know your enemy”: organizations must understand the different types of threat actors, ransomware groups and cyber adversaries they may encounter.

This intelligence allows leaders to better understand the motivations behind a cyber attack, such as monetary gain, political disruption, espionage or identity theft. For example, last month the pro-Russian hacking group Killnet targeted the European Investment Bank’s cross-network infrastructure to destabilize the European financial system, including Western countries that continued to provide financial aid to Ukraine.

About the Author: Scott Jarkoff is Director of Intelligence Strategy for Asia Pacific, Middle East, Turkey and Africa at CrowdStrike.
