Sean McElroy is chief risk and security officer at Lumin Digital.
Whether consumers know it or not, digital banking providers are essential partners for financial institutions. They deliver transformational, forward-thinking tools to help consumers manage their financial lives and grow their relationships with financial institutions. They are also critical infrastructure providers securing the financial services system.
Cybercriminals using ransomware to extort and exfiltrate are increasingly and brazenly targeting financial institutions. However, they’re also focusing on the service providers that support these institutions, aiming to create potentially much greater and more widespread impacts. This article will outline the key components and strategies necessary to secure an always-on platform.
Understanding The Threat Landscape
Risk leaders must grasp the unique characteristics of the threats they face rather than mindlessly investing in cybersecurity solutions. Indeed, general approaches to malware, including antivirus or endpoint detection and response (EDR), email defenses, and network protections, help build a defense in depth. However, threat actors targeting financial institutions are often part of large organized crime networks, some having nation-state sponsorship that allows them to spend significant resources planning their attacks and honing their craft. For such well-resourced gangs, generalist approaches are insufficient.
Cybercriminals know that managed service providers (MSPs) supporting multiple banks or credit unions hold the keys to vast networks and sensitive financial data. If the MSP has a strong culture valuing security, it will likely execute well on micro-segmentation or zero-trust network architectures that thwart ransomware operators. Attackers know that compromising a weak provider is akin to gaining entry into multiple banking institutions through a single entry point, which makes less sophisticated and newer digital banking providers a prime target.
Defenders must understand the tactics, techniques and procedures threat actors specifically use against them. Supply chain attacks, for instance, can leverage an MSP’s broad reach to slipstream malicious code into an application deployed to millions of end users’ browsers or mobile devices. Given the effectiveness of this tactic in the SolarWinds supply chain attack or Kaseya ransomware events, MSPs need robust approaches and investments in protecting software development life cycles, CI/CD pipelines and distribution networks in addition to general best practices.
Building A Resilient Infrastructure
Resiliency, not redundancy, is vital. Users must not have persistent administrative or data access; advanced cybersecurity practices like “just in time” access systems, which minimize, carefully analyze and dispense privileges, are required components in a modern financial technology service provider. Of course, MFA is an essential requirement, but more sophisticated device posture assessment and continuous authentication technologies are critical to ensure authorized users and devices behave as expected when interacting with large data repositories or critical systems.
Solutions coming to market after 2016 are almost undoubtedly cloud-native. Deep integrations into cloud detection and configuration management services give them a leg up against the sea of legacy MSPs in financial services, many of which are using the same languages and approaches from the early part of this century. A meaningful measure of a digital banking platform’s resilience is how often it is rebuilt to incorporate newer approaches to evolving threats. Resiliency is not a “one and done” checkbox; it requires continuous improvement and investment to keep threats at bay.
Threat Detection And Response
Adept cybersecurity leaders understand the goal is not perfect defense but early detection and rapid response. Without an in-house security operations center (SOC) that profoundly understands the architecture and baselines of a digital banking platform, the telltale signs of reconnaissance and initial access will likely go unnoticed, allowing cybercriminals to lurk undetected as they prepare their damaging endgame. MSPs must recruit, train and regularly exercise their teams through relevant and realistic scenarios to minimize attacker dwell and incident response times.
Effective security operations teams are more than just standby resources for incident response; they bring essential capabilities through automation and actionable insights. SOC teams are increasingly vital in automating defense strategies by integrating and orchestrating security platforms and tools. Threat detection and response demand expertise to operationalize cyber threat intelligence shared within the financial sector and to apply advanced technologies like AI-driven threat detection. Although terms like these have often been seen as buzzwords, leading MSPs are now achieving real security outcomes by intelligently using these capabilities to counter increasingly complex threats.
Creating A Cybersecurity Culture
Ultimately, digital banking platforms can only withstand the onslaught of advanced persistent threats with a supportive cybersecurity culture promulgated from the very top of the organization. Boards that hold leadership accountable align an organization to prevent unbridled revenue chasing or shortsighted cost-cutting exercises from weakening an MSP’s posture.
While culture is notoriously difficult for customers outside the organization to assess, some externally visible signs exist:
• An empowered CSO or CISO who reports directly to the CEO, avoiding conflicts of interest that can arise when reporting to a technology or legal leader.
• A substantial security training budget that the infosec team uses to enhance skills rather than just attending trade shows.
• Active contribution to threat intelligence, not just reliance on information from external sources.
It’s rare to find a company with a weak cybersecurity culture that embodies all three of these elements, and nearly impossible for an organization to demonstrate real strength in cybersecurity if any of these elements are missing.
Conclusion
Securing always-on digital banking platforms is critical. These services underpin our society and people’s financial well-being. Industry leaders must be forward-thinking in approaching and investing in robust security measures and proactive resilience strategies. With intention and care, security and privacy are achievable at scale, anywhere.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.