Four Challenges and Four Solutions to Improve Resilience
Its no secret that cyber threat actors are hungry for customer data. According to IBM, data theft and leak was the most common impact for organizations that suffered an attack. In addition, a report from Delinea found that data exfiltration was the most prominent motivation for ransomware attacks today.
There are few industries that handle more valuable customer data than the financial services industry. Thus there are few targets more attractive to a threat actor.
Many financial services organizations have substantial amounts of money and assets, which can make them attractive to ransomware attackers keen on going after big game targets. And the interconnected nature of the financial sector means that compromising one institution or commonly used product can lead to broader impacts across the entire industry.
In Recorded Futures recent fireside chat webinar, Navigating Risk: How Threat Intelligence Is Transforming Financial Services, Citizens Bank Cyber Threat Intelligence Manager Lea Cure summed up the complex nature of financial services cybersecurity:
As a financial institution, we have money, we have peoples information. Thinking about how we protect that information is very different from other organizations. The technologies we use and the technologies we use to move money are critical. If those go down, what will we do? What are our playbooks?
In this blog well cover the challenges financial services organizations face, and how for each challenge threat intelligence provides critical context to help defenders be faster, more efficient, and more effective at preventing nefarious actors from stealing their customer data and impacting business operations.
Challenge #1: Supply Chain Attacks
On numerous occasions, prospects and clients across industries have told us that supply chain attacks are a top concern. In our fireside chat, both our client panelists said they felt the same way.
Their concern is certainly warranted, as theres often little that can be done to prevent a supply chain attack. A Gartner survey found that 45% of organizations experienced third-party-related business interruptions over the past couple years.
Outside of the financial industry theres a lot less regulation, especially in the technology service providers area, said Christopher Martinkus, a Threat Intelligence Manager for a North American commercial bank. Thats where you see a lot of these breaches occurring. I know for us, weve seen way more attacks on our third-party service providers than weve seen targeting us specifically.
As an example, threat actors like the ransomware group CL0P focus on exploiting vulnerabilities in file transfer software from Accellion, SolarWinds, and MOVEit. By gaining unauthorized access to files being transferred, CL0P has been able to steal sensitive information, encrypt files for ransom, and use the compromised files for other malicious activities.
Its becoming even more challenging to reduce risk across the supply chain in the as-a-service era. Zachary Smith, Senior Principal of Research at Gartner, said, Cybersecurity teams struggle to build resilience against third-party-related disruptions and to influence third-party-related business decisions.
Solution: Mitigate Supply Chain Risk
Can threat intelligence help organizations be more proactive in identifying risks that stem from their partners and vendors? Recorded Future client Christopher Martinkus thinks its possible to mitigate supply chain risk.
We've actually had it where an alert came through that a third party of ours was listed on a ransomware extortion site, he said, and we were notifying that vendor before they even knew that they were listed there.