Tackling Cybersecurity in the Finance Industry: Defining, Understanding and Testing the Expanding Attack Surface

by Elliott Wilkes, CTO of Advanced Cyber Defence Systems (ACDS)

Globally, cyberattack volume is increasing exponentially, with little differentiation by an organisation’s industry or size. Worryingly, recent research has revealed that over a third (36%) of organisations worldwide have experienced three or more data breaches in the past 24 months. From technological advancements, like artificial intelligence (AI), making cyberattacks both easier and quicker to carry out, to growing global geopolitical tensions prompting an uptick in nation-state-led attacks, it’s time for organisations to understand that they are, or will be, a valuable target, regardless of the data they hold. Crucially, the stakes are significantly higher for organisations in the finance industry.

Protecting the Data: Compliance and Beyond

Financial organisations hold data that cybercriminals covet, notably personally identifiable information (PII). Although the sorts of PII an organisation holds vary between companies, the information held may include sensitive data like names, addresses, contact details, specific financial information, and/or social security numbers. Additionally, financial organisations are held to stricter data security regulations than other sectors, including PCI DSS. Despite this, it is thought that nearly one-fifth of reported cyber incidents in the past two decades have targeted the financial sector, causing around $12 billion in direct losses to financial firms.

Take, for example, JPMorgan Chase, which suffered a data breach earlier this year affecting the personal information of over 450,000 customers, including victims’ names, addresses, social security numbers and bank account numbers. This cybersecurity incident occurred because of a software ‘issue’ that gave full access to “authorised system users” who were employed by JPMorgan customers or their agents. It is thought that the issue, which has since been fixed, had been active within the network since August 2021. Whilst there are many ways organisations can significantly reduce the risk of similar attacks, like implementing privileged access management (PAM) tools to limit who has access to sensitive information, there are two things financial leaders can do to reduce risk across the whole organisation: mapping the attack surface and testing it.

Mapping and Monitoring the Attack Surface

The attack surface of most organisations is expansive, even more so in a world where hybrid working is the norm. IT teams are no longer only protecting the things they can physically see on prem, but also devices in other places. This, paired with additional connected (IoT) devices on the network, can make it hard for IT teams to keep track of exactly which devices they need to protect, leaving organisations at risk of attack. Even the most seemingly innocuous devices (a smart printer, for example) could be an easy entry point for cybercriminals into a system. Worryingly, recent research has revealed that half of IT professionals believe there are devices connected to their network that they’re unaware of, despite nearly 60% admitting that insecure devices pose a ‘very high’ or ‘high’ risk to their organisation. So, what can organisations do about it?

Think of the attack surface like a constellation. Mapping it is crucial to understanding it and seeing its full extent. By mapping and monitoring the digital footprint of an organisation, IT teams can proactively mitigate risk that may previously have been unknown, including any vulnerabilities that could impact the organisation. However, scans of this nature (to discover and map new and existing devices) must be done regularly to ensure that new vulnerabilities are not affecting an organisation and its internet-facing IPs and domains. Any vulnerabilities that are flagged can then be remediated straight away, not later, when attackers are already in the system.

Pentesting: Probing the Attack Surface

Whereas attack surface management focuses on passive reconnaissance and monitoring, pentesting involves active exploitation carried out by ‘white hat’ (or ethical) hackers. Penetration testing typically follows a structured approach (including reconnaissance, scanning, exploitation, and reporting) through a simulated cyberattack exercise. Unlike attack surface management, these exercises happen less frequently (and certainly not continuously). However, these professionals think and act like hackers, which is an invaluable asset to any organisation.

Multi-Layered Approach to Cybersecurity Within Financial Orgs

Penetration testing and attack surface management complement each other when it comes to building a comprehensive cyber strategy. Whilst attack surface management regularly scans for and flags vulnerabilities, penetration testing takes a more human approach to network security, getting into the mind of a malicious hacker. By leveraging the strengths of both approaches, organisations can enhance resilience and safeguard valuable assets, which is crucially important in an increasingly hostile digital landscape.

A good cybersecurity posture is not only important, but essential, for security, compliance and, in many cases, for cyber insurance qualification. To fight against the evolving threats facing financial companies, organisations must adopt a multi-layered approach to mitigating risk. By combining the strengths of many different tools and approaches, IT teams can benefit from the most up-to-date guidance and tools, holistically.
