How to use preemptive cybersecurity to defend against emerging financial services threats

Nov. 18, 2024
Financial services businesses cannot afford to let unauthorized software, vulnerable endpoints, mergers and acquisitions, and unmonitored security controls put them at risk.

The world’s financial system is under attack thanks to evolving and pervasive sophisticated cyberattacks. The International Monetary Fund (IMF) recently reported that the financial sector remains a top target for cybercriminals. Over the past 20 years, nearly 20% of reported cyber incidents have affected the global financial sector, adding to losses of $12 billion.

Ransomware attacks are not just a growing concern; they are skyrocketing. From 2021 to 2024, the proportion of financial institutions affected by ransomware dramatically increased. In 2021, 34% of financial businesses reported being targeted with a ransomware attack. By 2024, that number had nearly doubled to approximately 65%.

With figures like this, any business operating in the financial sector is at risk of facing significant economic losses. The potential consequences are dire:

  • These attacks are far more complex, particularly for organizations lacking appropriate defenses. Consequences can include liquidity problems, reputational damage, and possible insolvency.
  • No business in the financial sector operates in isolation. Because institutions are so interconnected, a breach at one company can trigger a chain reaction that spreads to others and causes significant economic instability. This underscores the collective responsibility we all share for maintaining robust cybersecurity measures.

Given the escalating risks, businesses have rightly invested in advanced defenses. But the question remains: are these measures sufficient? Let's delve into five critical areas that demand our attention and investment.

  1. High-Stakes Environments

If you’re looking for hotbeds of unauthorized software, look no further than the trading floors and analysis departments. Employees are always searching for the latest tool and often install solutions that bypass normal vetting processes. Think custom-built analysis tools, unauthorized trading algorithms, and third-party data analysis software. Let’s not forget that many employees are also using their own devices. Whatever the case, businesses should consider using high-risk software detection solutions to identify the threats these tools create, since they can open the company up to data leaks and regulatory violations.

  2. ATM/Point-of-Sale

ATMs and point-of-sale (POS) systems are the forgotten frontier of financial cybersecurity. These distributed endpoints are prime targets for both physical and remote cyberattacks, which could include attaching a device to the ATM (e.g., a Raspberry Pi) or installing malware on a machine via a USB device. Whatever the case, what’s needed are solutions that marry vulnerability management, configuration checks, and control validation to ensure critical security measures are not just installed but actively running on these systems.
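As an added example covering both the unauthorized-software problem of section 1 and the "installed but not running" control validation of section 2 (this is illustrative code written for this article, not any vendor's product): a compliance pass over a constructed endpoint inventory. The inventory, role policy, hostnames and control names are all assumed.

```python
# Added example: validate that required security controls are installed AND running,
# that configuration matches policy, and that only allowlisted software is present.
# Constructed sample inventory, shaped like an agent or CMDB export (hypothetical hosts).
INVENTORY = [
    {"host": "atm-0101", "role": "atm", "installed": {"edr-agent", "disk-encryption"},
     "running": {"edr-agent", "disk-encryption"}, "usb_storage_enabled": False,
     "software": {"atm-app", "edr-agent", "disk-encryption"}},
    {"host": "atm-0102", "role": "atm", "installed": {"edr-agent", "disk-encryption"},
     "running": {"disk-encryption"}, "usb_storage_enabled": True,
     "software": {"atm-app", "edr-agent", "disk-encryption"}},
    {"host": "trade-ws-07", "role": "trading", "installed": {"edr-agent"},
     "running": {"edr-agent"}, "usb_storage_enabled": False,
     "software": {"edr-agent", "bloomberg-terminal", "homebrew-backtester"}},
]

# Hypothetical policy: required controls, software allowlist and USB setting per role.
POLICY = {
    "atm": {"required": {"edr-agent", "disk-encryption"},
            "allowlist": {"atm-app", "edr-agent", "disk-encryption"},
            "usb_storage_enabled": False},
    "trading": {"required": {"edr-agent"},
                "allowlist": {"edr-agent", "bloomberg-terminal"},
                "usb_storage_enabled": False},
}

def validate(inventory, policy):
    """Return (host, finding) pairs; an empty list means every endpoint is compliant."""
    findings = []
    for ep in inventory:
        rules = policy[ep["role"]]
        for ctl in sorted(rules["required"]):
            if ctl not in ep["installed"]:
                findings.append((ep["host"], f"control missing: {ctl}"))
            elif ctl not in ep["running"]:
                # The case the article stresses: installed is not the same as active.
                findings.append((ep["host"], f"control installed but not running: {ctl}"))
        if ep["usb_storage_enabled"] != rules["usb_storage_enabled"]:
            findings.append((ep["host"], "config drift: usb_storage_enabled"))
        for pkg in sorted(ep["software"] - rules["allowlist"]):
            findings.append((ep["host"], f"unauthorized software: {pkg}"))
    return findings

if __name__ == "__main__":
    for host, finding in validate(INVENTORY, POLICY):
        print(f"{host}: {finding}")
```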

  3. Mergers and Acquisitions

According to PKF O'Connor Davies, 15,440 M&A deals were completed in North America in 2023. M&As are massive undertakings that involve the melding of many moving parts. If that weren’t enough, the teams in the trenches face intense time and financial pressures along the way, which keep the focus mainly on areas such as legal, finance, operations, and business contracts.

As a result, cybersecurity often takes a back seat, and when it is addressed, companies tend to rely on traditional point-in-time assessments. Those assessments are limited in scope, and security teams ultimately struggle to promptly identify vulnerabilities as they merge different systems, protocols, and technologies. Companies should consider solutions that support a more dynamic and preemptive strategy for managing cybersecurity risks and exposures, such as an adaptive exposure management approach that can thoroughly evaluate a target company's security posture and save millions in post-acquisition remediation costs.

  4. Active Security Controls

Active security controls such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) offer real-time threat detection and mitigation, but their reliance on signature-based detection leaves them blind to zero-day exploits and novel attack vectors. The common "set it and forget it" approach to IDS/IPS management further diminishes their effectiveness, as these systems require continuous monitoring, updates, and configuration adjustments to address evolving threats. To bolster security, businesses must move beyond relying solely on IDS/IPS and adopt more proactive, dynamic strategies such as continuous validation and advanced threat detection solutions that leverage machine learning and behavioral analysis.

  5. Precision in Threat Detection and Response

If traditional detection and response solutions are known for one thing, it’s that they overwhelm teams with alerts. A 2020 Forrester report found that the average security operations center (SOC) team was dealing with about 11,000 alerts per day, or approximately 450 alerts per hour, and there is little doubt that the figure has grown since then. And it’s not only a volume challenge. Many alerts are false positives, pulling a team’s attention away from more pressing matters. Add it all up, and many alerts are left uninvestigated: a 2023 IBM survey found that on a typical day, SOC teams investigate only 49% of the alerts they should.

This challenge is further compounded by many modern threats, including prevalent malware strains designed to evade traditional Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP). Attackers utilize sophisticated toolkits and techniques like polymorphism, fileless malware, and living-off-the-land binaries (LOLBins) to bypass signature-based detection and blend into normal system activity. This renders traditional signature-based defenses largely ineffective, allowing malicious actors to operate undetected within compromised environments.

Consequently, businesses must adopt advanced threat detection approaches beyond simple signature matching. Solutions incorporating behavioral analysis, machine learning, and contextual awareness are crucial for identifying anomalous activity, even when it doesn't fit a known malicious pattern. These advanced methods can uncover hidden threats and provide more precise alerts, reducing alert fatigue and enabling security teams to focus on genuine risks.

It’s imperative that businesses look for ways to reduce alert fatigue and thoroughly investigate all threats. One option is to use contextual analysis and machine learning to establish baselines of normal behavior. With that baseline set, systems can quickly identify anomalous activities that fall outside it and could threaten the business, and then take swift action.
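The baseline-then-detect idea from the paragraph above and the LOLBin discussion before it, as an added example written for this article (not the author's or any vendor's code): build a per-host baseline of parent-to-child process pairs from a training window of constructed events, then score a later window. Pairs never seen on a host are anomalous; fleet-wide context lowers the priority of pairs that are normal on most other hosts, which is one way to cut false positives. Hostnames, process names and timestamps are all constructed.

```python
# Added example: behavioral baseline of parent->child process pairs with fleet context.
from collections import defaultdict

# Constructed sample events: "<timestamp> <host> <parent_process> <child_process>".
BASELINE_EVENTS = """\
2024-11-01T09:00:01 atm-0101 explorer.exe atmapp.exe
2024-11-01T09:05:11 atm-0101 services.exe svchost.exe
2024-11-01T09:00:03 atm-0102 explorer.exe atmapp.exe
2024-11-01T09:05:09 atm-0102 services.exe svchost.exe
2024-11-01T10:15:00 trade-ws-07 explorer.exe excel.exe
2024-11-01T10:16:30 trade-ws-07 explorer.exe powershell.exe
2024-11-01T10:16:30 trade-ws-08 explorer.exe excel.exe
2024-11-01T10:18:30 trade-ws-08 explorer.exe powershell.exe
"""

DETECTION_EVENTS = """\
2024-11-02T09:00:02 atm-0101 explorer.exe atmapp.exe
2024-11-02T09:07:45 atm-0101 explorer.exe powershell.exe
2024-11-02T11:02:10 trade-ws-07 excel.exe powershell.exe
2024-11-02T11:02:11 trade-ws-07 explorer.exe powershell.exe
"""

def parse(text):
    for line in text.splitlines():
        ts, host, parent, child = line.split()
        yield ts, host, (parent, child)

def build_baseline(text):
    """Map host -> set of (parent, child) pairs observed during the training window."""
    baseline = defaultdict(set)
    for _, host, pair in parse(text):
        baseline[host].add(pair)
    return dict(baseline)

def score(text, baseline):
    """Return alerts as (host, parent, child, priority); baselined pairs produce none."""
    fleet = defaultdict(int)            # number of hosts on which the pair is normal
    for pairs in baseline.values():
        for pair in pairs:
            fleet[pair] += 1
    n_hosts, alerts = len(baseline), []
    for _, host, pair in parse(text):
        if pair in baseline.get(host, set()):
            continue                    # within this host's own baseline: no alert
        seen_on = fleet[pair]           # context: is it normal elsewhere in the fleet?
        if seen_on == 0:                # e.g. an office app spawning a shell: top priority
            priority = "high"
        elif seen_on * 2 > n_hosts:     # normal on most hosts: likely a rollout
            priority = "low"
        else:
            priority = "medium"
        alerts.append((host, pair[0], pair[1], priority))
    return alerts

if __name__ == "__main__":
    for alert in score(DETECTION_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert)
```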

Many of the solutions described in this article fall into a new Gartner category of cybersecurity dubbed Preemptive Cyber Defense. The need for this proactive approach stems from the inherent limitations of reactive security models. Traditional security focuses on responding to attacks after they occur, often resulting in significant damage and disruption. This reactive approach is no longer sufficient in today's rapidly evolving threat landscape, where sophisticated attacks can penetrate defenses in minutes or even seconds.

As the name indicates, Preemptive Cyber Defense shifts the focus from reaction to anticipation. This defensive model doesn’t sit and wait for incoming threats; it actively seeks to predict and prevent them. By proactively identifying vulnerabilities, hardening systems, and disrupting potential attack vectors, organizations can significantly reduce their attack surface and minimize the risk of successful breaches.

This preemptive approach is essential for several reasons:

  • Increased Attack Sophistication: Modern cyberattacks are increasingly sophisticated, utilizing advanced techniques to evade traditional defenses. Preemptive measures are necessary to stay ahead of these evolving threats.
  • Reduced Dwell Time: Preemptive defenses aim to identify and neutralize threats before they can establish a foothold within a network. This shortens dwell time, the period during which an attacker remains undetected, and so limits the potential damage.
  • Limited Resources: Security teams often operate with limited resources and face overwhelming alerts. Preemptive security helps reduce alert fatigue and allows teams to focus on the most critical threats.
  • Business Continuity: Preemptive defenses help maintain business continuity by minimizing disruptions caused by security incidents.
  • Regulatory Compliance: Many industry regulations and compliance standards require organizations to implement proactive security measures.

One technology that falls into this Preemptive Cyber Defense bucket is Automated Moving Target Defense (AMTD). AMTD uses techniques such as polymorphism, deception, and evasion to obfuscate targets, dynamically changing the attack surface to confuse and thwart attackers and block highly sophisticated attacks without affecting ATMs, trading systems, or other operations. This covers known threats, zero-day threats, and offline protection for remote workers, even when the network is under attack and systems are disconnected.


Financial services businesses cannot afford to let unauthorized software, vulnerable endpoints, mergers and acquisitions, and unmonitored security controls put them at risk. It’s time to shift from reactionary measures to a preemptive cybersecurity defense approach built on continuous threat detection, including technology like AMTD. By anticipating threats, eliminating false positives, and taking decisive action, financial institutions can safeguard their operations and reputations however the threat landscape evolves.

About the Author

Brad LaPorte | Chief Marketing Officer at Morphisec and a former Gartner Analyst

Brad LaPorte is the Chief Marketing Officer at Morphisec and a former Gartner Analyst. LaPorte is a seasoned cybersecurity expert and former military officer who specialized in cybersecurity and military intelligence for the United States military and allied forces. During a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks’ MDR service and the EDR product Red Cloak, both industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio along with MDR, Vulnerability Management, and Threat Intelligence offerings. He also managed SIEM offerings, further solidifying his reputation for cybersecurity solutions years ahead of their time.