The sector looks to reduce the attack surface area after a 238% surge in cyberattacks
According to IBM, 23% of all cyber-attacks are directed at financial institutions, while the total cost of a single data breach is the second largest among all industries, costing financial organisations $5.72 million on average.
Another study indicated that 53% of data breaches are financially motivated, so the industry is constantly on the cybercrime radar. In other sectors, malicious users get a foothold through social engineering, credential stuffing, and application vulnerabilities. However, the finance sector is different, as malicious users there primarily compromise internal corporate networks.
The pandemic has accelerated the digital shift, with enterprises focusing on securing cloud environments. Cybercriminals also leverage this change, especially when businesses move to cloud-based platforms. Financial institutions also opt for SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service), and IaaS (Infrastructure-as-a-Service), leaving additional vulnerabilities in a multi-layered environment.
Studies indicate that since the pandemic, banks faced a 238% surge in attacks. These attacks can be devastating to the economy, given banks' interdependence and daily transactions. The United States Federal Reserve Bank of New York said, “compromising any of the five most active United States banks will result in significant impacts to other banks,” resulting in $130 billion of forgone payment activity. Unsurprisingly, the average cost of a data breach in finance is 52% greater than average, around $5.85 million.
The finance sector is strictly regulated and has to comply with complex cybersecurity rules. This makes data breaches even more problematic, as organisations must pay fines and remediation costs in addition to compensating for the lost funds. These requirements call for a holistic approach.
“Organisations have to strictly authenticate both external and internal users to protect their corporate systems. Financial institutions suffer from internal actors who know the banking system’s inner workings, and state-backed hackers often target them. While cybersecurity automation today cannot guarantee holding off attackers, a reduced surface area can greatly lower the risk”, says Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.
Zero Trust and IP whitelisting – a bottleneck for attackers
To minimise the cyberattack surface area, financial companies establish secure connections for employees and contractors to reach essential assets. However, unconditional trust can be harmful if malicious users compromise the connection.
“Today’s authentication is based on a Zero Trust model, meaning that employees and contractors can only access limited resources for a defined period. Even if their connection is compromised in a supply chain attack, hackers won’t do much harm as they won’t reach the rest of the internal network”, says Gurinaviciute.
The organisation can also implement an additional security layer that filters endpoint devices and apps based on their IP address. With IP whitelisting (also known as an allow list), admins can create a set of trusted employee and third-party devices and grant them access to the corporate network. This policy makes it harder for a cyberattack to get started and limits the attack surface area.
However, manually whitelisting particular IPs can be arduous, especially for smaller organisations like FinTech startups. Companies can stay resilient by implementing third-party solutions with a centralised control panel for efficiently adding new devices and applications.
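The two layers described above (an IP allow list plus access limited to specific resources for a defined period) can be combined into one deny-by-default decision. The following is an added example, not code from the article or from any vendor it mentions; the networks, principals, resource names and the decide function are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample data: RFC 5737 documentation ranges and hypothetical names.
ALLOWED_NETWORKS = [ip_network("192.0.2.0/28"), ip_network("198.51.100.7/32")]
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Grant:
    principal: str        # employee or contractor identity
    resource: str         # the single asset this grant covers
    expires_at: datetime  # access ends here, even from an allowed IP


GRANTS = [
    Grant("contractor-a", "payments-api", NOW + timedelta(hours=1)),
    Grant("contractor-a", "ledger-db", NOW - timedelta(hours=1)),
]


def decide(src_ip, principal, resource, grants=GRANTS, now=NOW):
    """Return (allowed, reason). Both layers must pass; anything else is denied."""
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False, "malformed source address"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is matched as its IPv4 form,
    # so dual-stack listeners apply the same allow list to both notations.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, "source IP not on allow list"
    # Layer two: an allowed IP alone grants nothing without a live, scoped grant.
    matching = [g for g in grants
                if g.principal == principal and g.resource == resource]
    if not matching:
        return False, "no grant for this resource"
    if any(now < g.expires_at for g in matching):
        return True, "allowed"
    return False, "grant expired"


if __name__ == "__main__":
    for ip, res in [("192.0.2.5", "payments-api"), ("203.0.113.9", "payments-api"),
                    ("192.0.2.5", "ledger-db"), ("192.0.2.5", "core-banking")]:
        print(ip, res, decide(ip, "contractor-a", res))
```

A request from a listed address is still refused for any resource outside the principal's grants, which is the property that keeps a compromised contractor connection from reaching the rest of the internal network.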
Accenture estimates that banks will lose $347 billion to cybercrime in the coming years. Organisations with strict and robust external authentication shouldn’t overlook the resilience of their internal networks. Cooperation with technology service providers (TSPs), managed service providers (MSPs), and cloud service providers (CSPs) is inevitable. It brings efficiency and scalability but comes with a cost. To neutralise new possible attack vectors, the finance sector should review its contractors’ and employees’ access privileges, and IP whitelisting is an appropriate first step.