Banking and financial institutions are a threat actor’s sweet spot. For one, these enterprises have a vast spread of applications that are in various stages of technology transformation. Some could be legacy, some could be public cloud, and others private cloud. Growing competition from fintech start-ups is pushing these incumbents to vastly transform their digital customer experience.
Remote working has also meant that the workforce accesses banking applications from outside the hard firewall perimeter of the brick-and-mortar bank. Combine this with the fast pace of pandemic-induced changes, and the majority of banking and financial enterprises would have left gaps open in their attack surface, waiting to be plugged before a sophisticated threat actor finds them.
While banking and financial enterprises have been grappling with the increased attack surface induced by digital transformation, pressure to innovate from digitally savvy customers, and disruption from the pandemic, a significant realization has emerged about the longer-term formula for success in cybersecurity solutions.
Cybersecurity solutions that can recognize the good behaviour of applications, and shut down applications when there is deviant behaviour, are turning out to be much more effective than the traditional approach of detecting malware via signatures, amongst others. Security solutions that treat application workloads as a black box are no longer effective in protecting organisations from being breached.
Inside banking and financial institutions, protection must be layered, and the mindset and culture of cybersecurity must shift to an application-aware security approach that is deterministic in nature. Banking and financial institutions are looking for solutions that can protect their workloads rather than solutions that take days or even months to respond. Ransomware defence is increasingly moving away from searching for known malicious code or signature-based blacklisting.
This is the only way to fully protect high net worth customers and confidential data and assets in banking and financial enterprises.
Protecting rather than detecting
A deterministic protection platform (DPP) can be used to secure application workloads, end to end. Such a solution understands all resident application processes and how they are supposed to behave depending on their purpose. DPP can automatically detect any abnormalities within the application software when it is running. This way, it is able to protect vulnerable application workloads when they are targeted by threat actors.
This approach to security allows organisations to detect and block known and unknown attacks. DPP can also accurately identify when a protected workload starts executing code that was not part of the original code, and stop any such attack within milliseconds.
To install ransomware, threat actors must move laterally, from desktops to servers. In this case, DPP maps the sequence of processes and commands run by all applications authorised to run on that server and waits for anything that differs. When an unknown sequence of commands shows up, DPP raises an alert and kills the process. With this type of protection, threat actors are unable to perform any type of command and control inside the enterprise.
This proactive approach is much more desirable than other solutions that simply detect attacks when they have already occurred and can no longer be stopped. DPP reduces the dwell time of threat actors to near zero and blocks threats before any malicious code can be executed.
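The process-sequence mapping described above can be illustrated with a simplified default-deny allowlist of process ancestry and commands. This is an added example, not the code of any DPP product; the server name, process chains, commands and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed learning-phase events for one server:
# (server, process ancestry from init to the new process, command line)
BASELINE_EVENTS = [
    ("core-db01", ("systemd", "postgres"), "postgres -D /var/lib/pgsql/data"),
    ("core-db01", ("systemd", "postgres", "pg_dump"), "pg_dump -Fc ledger"),
    ("core-db01", ("systemd", "sshd", "bash", "psql"), "psql -f nightly_report.sql"),
]

def signature(chain, command):
    """Reduce an event to (ancestry, executable, option flags).
    Positional arguments are dropped because they vary between normal runs."""
    argv = command.split() or [""]
    flags = tuple(sorted(a for a in argv[1:] if a.startswith("-")))
    return (tuple(chain), argv[0], flags)

def build_profile(events):
    """Learn the set of allowed signatures per server."""
    profile = defaultdict(set)
    for server, chain, command in events:
        profile[server].add(signature(chain, command))
    return profile

def evaluate(profile, server, chain, command):
    """Default-deny decision for a runtime event: (verdict, reason)."""
    known = profile.get(server, set())
    sig = signature(chain, command)
    if sig in known:
        return ("allow", "matches learned sequence")
    if any(k[0] == sig[0] for k in known):
        return ("block", "known process chain, unseen command")
    return ("block", "unseen process chain")

if __name__ == "__main__":
    profile = build_profile(BASELINE_EVENTS)
    runtime = [  # constructed runtime events
        (("systemd", "postgres", "pg_dump"), "pg_dump -Fc ledger"),
        (("systemd", "sshd", "bash", "psql"), "psql -c maintenance"),
        (("systemd", "postgres", "sh"), "sh -c ./unknown_script.sh"),
    ]
    for chain, command in runtime:
        verdict, reason = evaluate(profile, "core-db01", chain, command)
        print(f"{verdict:5} {' > '.join(chain)} :: {command} ({reason})")
```

A real enforcement point would act on the "block" verdict by alerting and terminating the process, and would need a controlled way to relearn the profile after legitimate application changes.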
The right approach
Last year, the average cost of a data breach in the financial sector was $5.72 million. Financial institutions were in the top five sectors for severity and frequency of cyber-attacks. Financial enterprises will continue to face threats including phishing, ransomware, malware and even SQL injections.
In 2020, 80% of financial organisations reported losses due to phishing attacks. While such an attack seems harmless, the simplest attack vectors tend to have the highest success rate. Going forward, the costs of data breaches will continue to increase, unless financial organisations take the right measures to protect themselves.
Financial institutions value prevention over detection, and DPP will do exactly this. It will detect any deviations from the software’s original purpose and prevent an attack from being carried out.
The only way to eliminate any type of threat is to fully understand applications and software at their core, and make sure they are always running as they are supposed to.