Cybersecurity is top of mind – last week, professionals flocked to this year’s RSA conference, the largest enterprise security conference in the world. And for good reason – cybersecurity remains one of the industry’s largest pain points as cyberterrorism emerges and data proliferates. According to the Identity Theft Resource Center, there were 738 data breaches last year, a 25% increase over the year prior. Nearly every pocket of enterprise has a cybersecurity soapbox to stand on – from top tech execs, coders and hackers to government officials (President Obama convened a cybersecurity summit at Stanford a few months ago).
Just a few weeks ago, Senator Thomas Carper and Senator Roy Blunt introduced a bill that would establish national data security and notification standards, largely focused on post-breach requirements to notify government officials and consumer reporting agencies. President Obama’s cybersecurity initiatives push forward information sharing between banks, businesses and government bodies in the wake of a data breach. A common thread between all these initiatives is the focus on post-event, not pre-event activities. Are we tacitly accepting that with data breaches, it’s a matter of when, not if?
Most firms are largely intrusion-centric, which is still a critical part of any cybersecurity infrastructure. But being intrusion-centric is not the same as being totally preventative when it comes to cyberattacks, and it leaves banks vulnerable to new and innovative threats that use slow, persistent, under-the-radar attacks. Rather than focusing on totally preventative measures, banks are largely focused on managing intrusion. Instead of investing now in the total prevention process needed to truly protect against cybercrime, banks are in a "wait and see" mode. Firms are waiting for solutions to come into the marketplace rather than stepping out of the herd to invest in out-of-the-box approaches to combat these threats and put in place the necessary preventative measures. Banks need to make sure they are implementing cybersecurity measures with a view towards creating an impenetrable defense against "lateral" moves within a network to deter and stop "slow and persistent" attacks.
So what does that mean exactly?
Banks need to focus on complete transformation by analyzing the end-to-end cybersecurity process and identifying what is truly needed to have a totally preventative defense in place. Banks need to leverage big data analytics so that they can catch "lateral moves" within a network and stop unauthorized access or breaches as they occur. Think of cybercrime as someone breaking into your house, living there without your knowledge and stealing your information, while you only become aware of a problem after they’ve walked away with it. Most of today’s cybersecurity measures are meant to be intrusion-centric and reactive, i.e. you become aware of an incident after the damage is done.
Wouldn't you rather have a detection system that sets off alarm bells as soon as an unwanted visitor sets foot in your house and starts accessing your personal information? Similarly, having intrusion-centric defense capabilities is good, but banks need to have defenses against "lateral moves" in the network, where slow and persistent acts disguised as normal transactions are accessing and extracting information. This is the only way managers can catch a problem or breach as it is happening to prevent serious damage.
Additionally, information has to be real-time or run-time. A just-in-time alarm sounding as an unwanted intrusion or data access is occurring will enable a timely response and stop the breach. Again, the faster the alarm, the more likely you will catch an incident as it is happening and prevent the intruder from causing any real damage.
Financial institutions are under cyber attack, and banks need to be prepared with solid defenses. The New York State Department of Financial Services report on “Cyber Security in the Banking Sector” states that a number of factors are leading to the increase in cyber attacks: “Organized crime groups, cyber gangs, and other criminals breach systems for monetary gain—i.e., to steal funds via account takeovers, ATM heists, and other mechanisms. As the cost of technology decreases, the barriers to entry for cyber crime drop, making it easier and cheaper for criminals of all types to seek out new ways to perpetrate cyber fraud.” Clearly, banks are facing an incredible cybersecurity threat that will only continue to grow in years to come. Let’s focus on prevention, not just intrusion. It’s the only way we’ll ever beat cybercrime.
About the Author
Sanjay Vatsa is EVP & Chief Strategy Officer for Polaris Consulting & Services Ltd., a leader in digital transformation solutions and services. He recently joined the organization, and was previously Global Head of Transformation, COE, Data & Operations Strategy at SFS in Citigroup. Sanjay can be reached at sanjay.vatsa@polarisFT.com.