Wednesday, October 08, 2025

Combating Cyber Threats in Financial Services with Contextual Threat Intelligence

Recent announcements of data breaches at Equifax and Deloitte have reinvigorated the cross-sector push for organisations to further bolster their cyber security postures. This remains particularly apparent in financial services, where companies continue to fervently invest in the necessary tools and expertise to enhance their security environments. According to a recent report by corporate adviser Duff & Phelps, 86 percent of financial institutions plan on increasing spend (both in time and money) on cybersecurity in 2017, which is double that of the previous year. However, between the many types of organisation that fall under the financial services umbrella, the rate of investment in cyber security capabilities has not been equal.

Like retail and investment banks, brokers, investment management companies and private equity firms also deal with large volumes of sensitive data which, in the wrong hands, could be used for illegal gain. These companies tend to be less mature, have smaller security environments and fewer experts, and are therefore more vulnerable. Often they are used as a training ground, where threat actors can leverage relatively unsophisticated tactics, techniques and procedures to reach their goals.

Banking institutions have long recognised the need for, and importance of, a strong security posture to protect both their assets and their reputations. Arguably they have the deepest pockets and the broader, better paid pool of internal expertise. Unsurprisingly, they lead the way in terms of the depth of investment and the array of technologies implemented, as well as their strategy and experience.

To ensure they remain ahead of the cybersecurity curve, the big banks understand the need for a proactive stance. They appreciate the necessity of having contextual intelligence of the external environment to identify suspicious activity before it even enters their networks. By investing heavily in Security Operations Centres (SOCs) with dedicated, highly skilled teams, and by automating and integrating threat intelligence more efficiently, they have ensured that their security environments are optimised. They also recognise the value of collaboration and the need to form trusted circles to enable the two-way flow and sharing of this intelligence. Almost all are affiliated with the large Information Sharing and Analysis Centres (for example the FS-ISAC or the recently launched UBF-ISAC), where intelligence from multiple sources is shared and analysed by multiple parties to support defensive actions for the community.

Investment management and private equity companies need to take note and implement steps to bolster their cyber defences. Many face similar challenges and grapple with the familiar questions:

  • Whether to outsource their cyber security initiatives to a Managed Security Service Provider (MSSP), or build a security environment and expertise internally
  • Assessing if the volume of sensitive data they have is more at risk if held externally or internally
  • Is the data more secure on-premise or in the cloud? Banks are still having this debate and many are embracing the cloud, but others see it as potentially exposing more vulnerabilities
  • Having the right people that can digest and gain value from threat data if firewalls, SIEMs and other tools are invested in

Smaller institutions are under pressure to display a secure cyber posture and match the capabilities and expertise of larger financial institutions. They must do this, or risk a potential drain of capital from their investment vehicles to larger, more secure and capable competitors. Increasingly, alongside the traditional questions of performance, the question of security is at the forefront of the minds of all investors. Whether they be sovereign wealth funds, pension funds, other institutional investors or individual retail investors, all will be asking if their choice of company is at risk from a cyber security perspective. There is a well-documented skills shortage in the cyber security space, likely compounding the issue and driving companies down the route of outsourcing in the short term.

Small IT teams struggle to aggregate and interpret incoming threats, as the sheer volume of information overwhelms their capabilities. The 2017 Value of Threat Intelligence: Ponemon Study found that 69 percent of respondents felt threat intelligence is often too voluminous or complex to provide actionable information. To address this, organisations need a combination of the correct platform to collect, cleanse and contextualise threat feeds, and the expertise to analyse them and develop appropriate actions. They should also look at dedicating resource and creating specialised teams who can constantly monitor their own environment.

Employing a full-time analyst on staff may not be necessary in the first instance, and the threat intelligence function may simply be a special function within existing teams. Training can be done by teaching individuals threat intelligence principles and involving personnel in daily intelligence generation and analysis, supplemented by other resources, such as webinars and videos, to continually ensure that they can be as effective as possible. Employing a threat intelligence platform, meanwhile, can help to aggregate, remove false positives, de-duplicate and contextualise data, enabling teams to consume and act upon collated data. This can then be compared and made relevant with human insights and geo-political influences.

Small institutions need to realise that they are just as vulnerable as larger businesses, if not more so. The number of threat actors and indicators of compromise (IOCs) is on the rise, and having the right combination of tools, expertise and collaboration with peers is essential. A robust cybersecurity posture is achievable, and fund, investment and asset managers need to act now to ensure their own protection from the potential financial and reputational consequences of a breach.

Written by Alexander Beattie, Sales Director UK & Ireland, Anomali

 
