Combatting the Rising Tide of Cyberthreats in Financial Services
By Carlos Morales
SVP of Solutions
Since companies in financial services face more cyber attacks than any other industry, strong defenses are the norm. But with new and more challenging threats to larger, more complex networks, even a strong defense needs the additional, blanket protection offered by cloud-based security solutions.
Companies in financial services process billions of financial transactions every year while maintaining millions of sensitive customer records. That combination has made it the industry most often targeted by cybercriminals for five years at least[1].
Financial services was the target of almost one-quarter of all attacks[2] recorded across ten industries in 2020 – 30% more attacks than the second most attacked industry.
And the threats are getting worse. In 2021, the Financial Services Information Sharing and Analysis Center (FS-ISAC) was forced to raise its threat level from “guarded” to “elevated” three times[3], compared to just once in previous years. Looking toward 2022, the organization’s annual cyber threat report concluded, “We expect current trends to continue and possibly worsen.”
Protecting a network against this unrelenting onslaught requires an exceptionally strong IT security posture, particularly since most networks today are larger, more complex, more diverse – and therefore more difficult to defend:
- More business functions, including critical processes, have moved to digital channels, expanding the network, and adding new vectors and vulnerabilities.
- More data assets and applications – including web applications – are housed in the cloud while the use of IoT devices is increasing, pushing the vulnerable edge of the network outward.
To strengthen their defenses, financial services companies are choosing cloud-based security solutions. They add critical protections that supplement on-premise defenses with industrial-strength capabilities to defend effectively against the largest and most difficult attacks. They intercept and counter threats before they penetrate the network, protecting assets wherever they are hosted. And they benefit from constant updates and oversight from IT security professionals focused exclusively on tracking and defeating a range of major threats.
Threats to web applications: These indispensable tools present challenging security issues, in part because they must be accessible all the time to virtually any user connecting from virtually any network, and in part because many have security flaws or weaknesses. In 2021, in fact, 50% of all web applications were vulnerable to attack[4].
As a result, web application attacks in financial services have increased every year since 2017, soaring 38% in the first half of 2021[5]. Today they are identified as the primary pattern for breaches in financial services[6].
A cloud-based web application firewall (WAF) is the primary defense available against application layer threats. A strong WAF offers flexible, always-on protection that covers web applications wherever they are housed. Key capabilities in an effective cloud WAF solution include:
- A range of flexible security options including both negative and positive security.
- Preconfigured protections against common threats including the OWASP top 10.
- Protections against zero-day threats through automatic updates as new threats emerge.
- Easy-to-manage capabilities to customize protection such as rule recommendations based on actual traffic.
- Full visibility into application traffic across even complex hybrid environments, with flexible reporting and logging features.
Malicious bots: Incredibly, bots now account for around 40% of all traffic on the internet. A significant percentage of this traffic is malicious, with potentially serious consequences. Bots are used in API injection attacks, account takeover (ATO) attacks, card cracking and other fraud attempts, content scraping, and other attacks.
The threat is only intensifying. Bot attacks in financial services jumped 156% in Q4 2021[7]. The fundamental challenge in handling this growing threat is distinguishing malicious traffic from the legitimate bot traffic that is essential to important business functions.
A cloud-based bot detection and management solution addresses that challenge by examining traffic on the internet before it approaches your applications. The best solutions leverage industry intelligence and the expertise of specialists who track malicious bots to detect and identify them, and provide options to isolate and manage them. Capabilities you should seek include:
- Multiple bot detection methods including device fingerprinting, rate limits and transactions per second.
- Current IP intelligence data to identify new and emerging malicious botnets.
- Additional identification safeguards that can be easily customized and applied.
- Capabilities to categorize and fingerprint bots for effective management.
- Multiple options to manage flagged traffic, including delay, redirection, and blocking.
DDoS attacks: While Distributed Denial of Service (DDoS) attacks are not new, they have evolved over the years and have become more sophisticated, more intense, and more frequent. In 2021 our security operations center saw a 3x increase in attacks – and financial services has been the third most targeted industry over the last several years[8].
Many financial services providers have significant on-premise DDoS mitigation capabilities. Today’s sophisticated attacks can overwhelm their capacity, however, with devastating effect. In 2020, DDoS attacks knocked the New Zealand stock exchange offline two days in a row[9]. A year later multiple financial institutions were taken down. More recently, western banking institutions have been the victim of attacks stemming from the ongoing Ukraine conflict.
That’s why so many financial service providers supplement their in-house mitigation tools – or replace them completely – with a dedicated, cloud-based DDoS mitigation service. These services combine massive capacity with the technology and expertise to counter complex, short or long-duration, and multi-vector attacks. They can scrub malicious traffic before it chokes your network and prevents access – or threatens your enterprise with ransom demands. Critical capabilities include:
- Massively overprovisioned mitigation platform to absorb the largest and most long-lived attacks.
- Global access with multiple tier 1 internet network providers for reliable redundancy.
- Advanced orchestration platform that interconnects with customer networks and on-premise solutions for near-instantaneous response.
- Sophisticated automation to manage defense in depth, supported by 24/7 SOC expertise.
- Flexibility in protection and service configurations, including always-on, on-demand, and hybrid options.
Threats through and to DNS: DNS attacks have become a more serious issue for financial services than in other industries. In 2021, 91% of financial institutions were hit by at least one DNS attack[10]. On average, companies were attacked 8.3 times in a 12-month period, compared to 7.6 times for all industries. They took longer to resolve and caused more damage – nearly $1.1 million per attack[11].
Beyond the financial damages, the consequences include cloud and application downtime, compromised websites and customer data, and brand damage. The last is not surprising, since every online brand experience you provide starts with your DNS service.
That’s why so many companies are turning to a cloud-based authoritative DNS service to protect access to their website and network assets and defend against DNS threats. Managed services ensure reliable, trouble-free navigation for customers and partners, protect your assets and users, and simplify the work of managing DNS configurations. Your service should include:
- Effective security features to protect DNS availability (DDoS protection for resolvers) and network assets (robust, user-friendly DNSSEC).
- Overprovisioned, fault-tolerant global platform for outstanding reliability and the fastest responses.
- Dual authoritative DNS network option for the highest level of geographic, network level, transit, and operational redundancy.
- Advanced traffic management including failover service and load balancing options.
- Easy-to-use management tools such as secure access management, real-time change data, and a proactive configuration tool.
Neustar Security Services offers all these critical protections for financial services companies with an integrated suite of cloud-based security solutions. They are continually monitored and supported by experienced IT security professionals in our 24/7 security operations center (SOC) and backed by outstanding customer support. Professional services are available to assist in installation and configuration to maximize their value to your business.
Learn more about strengthening your protections against significant threats with powerful, comprehensive cloud-based solutions tailored for the needs of the financial services industry.
Oct 3, 2022 3:00:44 PM