How Threat Intelligence Helps Financial Services Institutions Stay Ahead of Cyber Threats
July 18, 2019 • The Recorded Future Team
Protecting an organization from cyber threats is never easy. These days, threat actors are always ready to adapt their tools and techniques to evade the latest security controls.
But of all the industries to be a security professional in, financial services is one of the toughest.
Historically, the financial services industry has been targeted by cybercriminals more than any other, which makes sense — if you want to make money illegally, who better to target than banks and insurance providers?
In this blog, we’ll examine just how serious the situation is for financial institutions and explain how they can use threat intelligence to level the playing field.
Financial Services Threats by the Numbers
Verizon’s 2019 Data Breach Investigations Report (DBIR) identified phishing and privilege misuse as the top threat vectors for financial institutions. Threat actors use a variety of techniques (mostly based around social engineering) to steal login credentials from customers and employees, and use them to steal money.
This technique is so popular that the financial services industry is targeted more than any other by phishing attacks, according to PhishLabs’s 2019 PTI Report. A massive 28.9% of global phishing volume targets financial institutions and their customers.
Of course, phishing is far from the only threat faced by the financial services industry. There’s a whole field of malware, known as mobile banking trojans, that originally sprang up as a way to steal banking credentials and compromise mobile banking apps. More recently, ATM jackpotting is just one of dozens of attack vectors used to steal or defraud money from financial institutions.
And with such a high volume of incoming attacks, it’s only natural that some are successful. At the other end of the scale, financial institutions are also routinely targeted by highly advanced, state-sponsored hacking groups.
Microsoft’s 2018 Security Intelligence Report details how several financial institutions in the U.S. were targeted by a state-sponsored APT group. The group used a “highly targeted, obfuscated backdoor implant, possibly delivered via a spearphishing email” to execute fraudulent transactions and transfer “large sums of cash” into foreign bank accounts.
Advanced cyberattacks like this are commonplace for financial institutions, who are forced to remain on the cutting edge of cyber defense just to stay in business. Unsurprisingly, the volume and sophistication of cyberattacks targeting the financial services industry don’t come without significant cost.
Ponemon’s 2018 Cost of Data Breach Study found that financial institutions suffer a higher rate of data breaches than any other industry. And according to a study by Accenture, cybercrime costs the average financial services institution $18.3 million each year, 56% more than the $11.7 million average across all industries.
These statistics tell a story. Threat actors have consistently adapted their methods to profit at the expense of financial institutions. And it won’t stop anytime soon.
Staying Ahead of Cyber Threats
With such an onslaught of threats to defend against, financial institutions are forced to invest heavily in cybersecurity. However, in a world where threat actors constantly refine their tactics, techniques, and procedures (TTPs) these institutions are forced to accept an inalienable truth: No matter how much you spend on cybersecurity, you can never do “everything.”
Yes, financial institutions generally spend far more on security than similarly sized organizations in other industries. And yes, they are forced to maintain a high level of cybersecurity across the board.
Nonetheless, no matter how large a financial institution is, they can’t invest in every available security technology, or hire an endless number of skilled security practitioners to keep their data and assets safe. Even the world’s largest banks, investment funds, and insurance providers have to prioritize their security resources to protect against the most likely (and most damaging) forms of cyberattacks.
Fundamentally, that’s what threat intelligence does: It helps security professionals at all levels make better, faster decisions about where to focus their time, attention, and resources.
Threat Intelligence for Financial Services
Security professionals are busier than ever. According to research by Imperva, more than half of security professionals (55%) receive over 10,000 alerts each day, and over a quarter (27%) receive in excess of one million daily alerts.
Given that financial institutions face a higher volume and sophistication of cyber threats than any other industry, it’s reasonable to assume that many are members of the “million-plus alerts per day” club. Threat intelligence helps security professionals in the financial services industry cope with these huge stresses by helping them prioritize their time and resources in the most efficient, effective way possible.
Common use cases include:
- Incident Response: Incident response analysts face a constant barrage of threats and alerts, so prioritization is essential. Threat intelligence helps them quickly identify the most important threats (while discarding those that are unimportant) and concentrate their time and expertise where it is most needed.
- Security Operations: Alert fatigue is a well-documented reality for security professionals, and a financial sector SOC is just about the worst possible candidate for it. One of the most important functions of threat intelligence for SOC analysts is the immediate (often automatic) discarding of “false positive” alerts, which can otherwise waste thousands of analyst hours over the course of a year.
- Vulnerability Management: Many organizations treat patching as a numbers game. The more patches they apply, the better their metrics look, and the happier their leadership is that “something is being done.” But not all vulnerabilities are made equal, and financial institutions don’t have the luxury of only looking good on paper. Threat intelligence helps vulnerability management professionals remediate vulnerabilities based on the level of risk they pose to the organization.
- Security Leadership: Security leaders (CISOs in particular) have a tough job. The decision about how best to use limited resources to secure their organization’s assets and data ultimately rests on their shoulders. Threat intelligence helps security leaders make informed decisions about who to hire, which security technologies to procure, and where to invest their budgets to minimize cyber risk.
Protecting the World’s Money
Like most organizations, financial institutions are responsible for keeping their customers’ data safe. However, unlike most organizations, financial institutions have an added responsibility: safeguarding their customers’ money.
Recent history has taught us that threat actors will stop at nothing to gain access to financial accounts, whether by stealing credentials, compromising mobile apps, or some other innovative means.
For precisely this reason, most financial institutions (including the likes of Fannie Mae and one of the world’s top banks) already use threat intelligence in some form to help them identify and respond to their most pressing cyber threats.
If your organization isn’t one of those, there’s something you can do. Sign up for our free Cyber Daily newsletter, and you’ll receive the top cybersecurity intelligence direct to your inbox each morning. That includes:
- Top targeted industries
- Most active threat actors
- Most exploited vulnerabilities
- Trending malware
- The latest suspicious IPs
- And much more
Subscribe today and use this intelligence to keep your organization — and your customer’s data and money — safe from cyber threats.