Financial services: fighting the new heist frontiers of cyber space with multi-faceted solutions

South Africans are unfortunately used to the idea of cash-in-transit heists and on-premises bank robberies, but in today’s increasingly connected world, the thefts of the future are already here. The risks of attacks on financial institutions’ security systems are as real and as destructive as they ever were – it is just that the frontiers are now also being breached in cyber space, as well as via the bank door or attacks on the modern-day ‘stage coach’.

This is according to Stefan van de Giessen, General Manager: Cyber Security at value-added distributor Networks Unlimited Africa. He says: “In order to combat the rising sophistication of security threats, businesses today need to take a systematic and holistic approach to the different aspects of their security – this is utterly crucial. On a positive note, it’s important to be aware that, as a result of lessons learnt right here in South Africa, like the Liberty breach of 2018, which saw the organisation’s entire e-mail repository compromised and held to ransom, most financial institutions are far more aware of the importance of securing their customers’ data.”

Van de Giessen explains the vendor partners represented within the Networks Unlimited Africa security suite are chosen for their unique and complementary solutions.

They include:

• Attivo Networks, a leader in deception for cyber security threat detection;
• Cofense, which provides intelligent phishing defence solutions that empower employees to be aware of phishing threats and report them, after which incident response technologies are triggered; and
• Carbon Black, which provides next-generation endpoint protection and threat hunting solutions, to secure and monitor endpoint activity.

“All three of these vendor partners have recently released reports or white papers focusing on the financial services sector,” says Van de Giessen, “underscoring the worldwide importance of securing this industry. There is a clear theme coming through in all these documents, which is that financial institutions today feel as though they are constantly under attack. And when you are under siege, the best form of defence is to be proactive, and on the offensive.”

Attivo Networks: ‘Deception technology for financial institutions’

The Attivo report explains: “Deception technology adds critical functionality for detecting attacker activities early and accurately in the attack cycle. Taking a page out of military operations, Attivo applies deception-based decoys and lures within the network to deceive and misdirect attackers, tricking them into revealing themselves. It presents a unique opportunity to change the asymmetry of war against cyber attackers, altering their reality and imposing increased cost as they are forced to decipher what is real and what is fake. It is also a valuable resource for gathering company-specific threat intelligence on an attacker's tools, techniques, and motivations.”

Van de Giessen comments: “This is an excellent example of being prepared with your defences. Attivo uses deception technology in a ‘smoke and mirrors’ manner to draw out attackers that are inside your network, in order to simultaneously have them reveal information about themselves while luring them away from their true target.

“Today’s technology has obviously brought tremendous enablement but also widened an enterprise’s attack surface and risk threats. The war-defence metaphor is an interesting example of how easy it is for a business to feel as though it is under attack, and in need of self-defence solutions.”

Cofense: ‘Show me the money! A closer look at phishing in the financial industry’

“Human intelligence is vital to phishing defences,” says Van de Giessen. “It is crucial to educate users through a phishing awareness programme, and this should include a focus on threats that are using the latest tactics, techniques and procedures (TTPs). This allows employers to make employees their best protection against phishing, rather than being the weakest link.”

The Cofense report points out that sophisticated hacking groups and insider attackers prey on banks, credit card providers and payment processors like PayPal. To show how extremely destructive phishing can be, Cofense cites the example of the CEO of Belgian Bank Crelan, who was taken in by a phishing e-mail requesting a wire transfer of $75.8 million.1

The report notes: “The financial services industry is heavily attacked and sees its share of high-profile breaches. However, as shown by Cofense data, when financial services companies train employees, they will report phishing. In fact, the financial services industry performs in the top tier across major industries, with over two employees reporting simulated phishes for every employee taking the bait.”

Carbon Black: Modern bank heists: the bank robbery shifts to cyber space

Tom Kellerman, Chief Cybersecurity Officer at Carbon Black, is the author of this report. He says financial institutions are grappling with some of the most advanced cyber crime syndicates, and that cyber criminals have formed sophisticated approaches to gain access to confidential banking and financial information.  

Interesting statistics highlighted in the report include:

• Sixty-seven percent of surveyed financial institutions reported an increase in cyber attacks over the past 12 months.
• Twenty-six percent reported being targeted by destructive attacks over the past year. This figure represents a 160% increase over 2018.
• Thirty-two percent encountered ‘island hopping’, an attack where supply chains and partners are commandeered to target the primary financial institution.
• Seventy-nine percent of financial institutions said cyber criminals have begun leveraging highly targeted social engineering attacks, deploying advanced TTPs for hiding malicious activity, and exploiting weaknesses in people, processes and technology to enable the ability to transfer funds and extract sensitive data.

“On the good news front, 47% of the CISOs surveyed said their organisations have deployed threat hunting teams – an increase of 27% from 2018 – with 32% saying they conduct threat hunts on a monthly basis and a small handful saying they conduct hunts daily,” clarifies Van de Giessen. “Active threat hunting is an important step for businesses with mature security programmes because it prepares defenders to be pre-emptive rather than simply reacting to the deluge of daily alerts.

“It is imperative that businesses move away from reactive security, as the financial industry cannot afford to have a cyber criminal dwell on their systems for months,” he continues. “All three of these security companies – Attivo Networks, Cofense and Carbon Black – have outlined the importance of being proactive rather than reactive in their defences. Security needs to have a holistic approach, ensuring each level is protected with effective technology. A systematic, unified, layered posture ensures that all attack vectors are covered,” he concludes.

For more information around the source documents quoted, please click here.

1. "Phishing Attacks in the Banking Industry,” InfoSec Institute, 2018.