Building a comprehensive cyber security framework for the digital era
As the financial services industry embraces digital transformation, it faces new cyber security challenges that require banks to adopt a holistic cyber security framework.
- Protecting customers in a multichannel environment is one of the biggest challenges for banks amidst increasing cyber threats
- A cyber security framework requires a robust threat intelligence capability so that any threats can be detected, identified and tracked
- Banks need a new security model that provides visibility and control across the extended network before, during, and after an attack
Banks are expanding their mobile, digital network and internet banking capabilities, but in the process they are being exposed to new types of cyber threats. Despite heavy investments in cyber security, there is often a gap between the “ability to detect the fraud” and the “ability to deliver a fraud”. For financial institutions, the impact of a cyber attack is not only extensive monetary loss; reputation and trust, which the institutions have established and built painstakingly over a long period of time, are at stake too. The recent compromise of nearly 3.2 million debit cards in India - one of the biggest breaches of financial data in the region - brings this topic to the center stage of discussion for several banks.
The perpetrators of these crimes are constantly devising ways to evade detection, and innovative cyber attacks are forcing banks to work with partners that can help put them at the forefront of tracking and managing these threats. With relentless and changing threats and nimble fraudsters, banks are compelled to invest continually in emerging technology for a multi-pronged security approach that covers intrusion protection, system recovery, analytics insight, strong monitoring, authentication and customer education.
Arindam Mukherjee, operations director, Cisco India pointed out: “Financial institutions are built on customer trust, in particular the mobile payment business, which depends entirely upon consumer confidence. Firms must be able to prevent security breaches, and detect and remedy them quickly. Mobile-payment security breaches can result in downtime, lost revenue, diminished business reputation, retribution costs to remedy the damage, and loss of financial data. Uncertainty about cyber security is also causing banks to delay critical digital initiatives which are key differentiators in an increasingly competitive economy. With proper cybersecurity capabilities in place, the worldwide mobile payments will generate as much as $396 billion across industries from 2015-2024.”
Challenges in cyber security
The greatest challenge in managing cyber security in this multi-channel world is that a bank’s defense is only as strong as its weakest link. A survey by The Asian Banker shows that the biggest challenge in managing cyber security is “how to adequately protect clients in a multi-channel environment”. Thirty percent of the respondents rated this as the biggest challenge followed by “rapid evolution of malware” at 22%.
“For instance, take the case of the recent breach in India. Interestingly, it affected only the non-chip and PIN debit cards, and only when they were used at ATMs. The attack would have travelled on the internet — the same channel that you and I use for our daily communication; and this is where Cisco TALOS’ cloud intelligence can help — it has the capability to prevent such attacks. For attacks to be successful, the primary requirement is to establish a communication with the Master (the command and control centre for malware). In cases where the callbacks are blocked, the attacks can be foiled,” said Mukherjee.
Business expansion demands rapid scaling-up of digital and social media channels, but it is becoming increasingly imperative that customer convenience is balanced with security measures. As banks digitize their operations, new digital channels for engaging customers have emerged, along with open architectures, cloud, outsourcing and partnership models such as application programming interfaces (APIs), which expose banks to new cyber security threats. The challenge is accentuated as the sophistication of threats constantly evolves, making it harder for banks to counter attacks and requiring investment in advanced technology capabilities.
Hackers are organized and spend hundreds of man-hours reconnoitering banks’ activities and users. Attacks are planned and designed over months and launched in just a few hours. Notably, it takes days to detect a breach, and more than a few months to clear the malware from the setup. “Professional hackers are adopting more lucrative and sophisticated forms of attack, such as spear-phishing, ransomware, data theft, and mobile malware, posing fresh fraud prevention challenges to banks. This is where a point-in-time approach does not help. Cisco believes that continuous protection is the only solution to prevent advanced threats, and has therefore developed the before, during and after strategy based on this philosophy,” said Mukherjee. “An increase in the number of mergers and acquisitions, and the need to implement security policies for the new integrated organization, remote users logging in from disparate devices, complex and fragmented security solutions, and a dearth of talent, further compound the situation,” added Mukherjee.
Coordinated and sophisticated cybercrime operations that result in massive monetary and reputational damage while significantly disrupting operations are now common. For instance, in the February 2016 $81-million attack on Bangladesh’s central bank, malware was installed on the bank’s network, which delayed detection. The malware attacked the SWIFT system by subverting the software used to automatically print SWIFT transactions. A Vietnamese bank was also affected by similar malware. SWIFT issued a notice in May 2016 confirming that in the second cyber attack, malware directed at the banks’ secondary controls targeted a PDF reader used by banks to check statement messages, removing traces of the fraudulent transactions. Regulators recognize the adverse impact of such well-coordinated and sophisticated attacks on banks and the financial system as a whole, and have put in place policies and processes to ensure robust IT security and risk management.
Develop a holistic security framework
A critical component of developing a cyber security framework is to implement a robust threat intelligence capability so that any threats can be detected, identified and tracked. This requires banks to develop end-to-end protection. As banks explore cloud and third-party systems as part of their digitization efforts, they are exposed to new risks that need to be countered as well.
Mukherjee reiterated that banks need a new security model that delivers visibility and control across the extended network and across the full span of an attack - before, during, and after:
- Before an attack: limit the attack surface, enforce baseline defense mechanisms, implement access control policies and keep the high ground by maintaining complete visibility of the endpoints connected to the network and of traffic flow patterns.
- During an attack: detect incursions and intrusions in real time, and block and defend resources by dropping traffic flows that threaten the network.
- After an attack: use retrospective analysis and forensics methods, investigate the source of the attack, and identify elements that could potentially be used for future waves or similar attacks.
Analytics plays a significant role in managing cyber security threats. Increasingly, banks are exploring big data and analytics to get additional information that can form a line of defense against fraudsters. Big data and analytics help banks to gain access to all the key aspects of network traffic, patterns and trends in order to quickly respond and mitigate the impact of an attack. By identifying deviant patterns and anomalies, the banks are able to anticipate and block potential attacks. Cyber security excellence is now being viewed as a key driver of business value.
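As an added illustration of two points made above (blocking the malware's callback to its command and control, and spotting anomalous traffic patterns), the following Python script is not Cisco's or the article's code: it scans constructed proxy log lines for destinations on a constructed threat-intelligence blocklist and, separately, for hosts whose outbound requests recur at machine-like regular intervals, which catches a beacon the blocklist does not yet know. Host names, domains and timestamps are all made up.

```python
# Added example (not Cisco's or the article's code): flag C2 callbacks in proxy logs.
from collections import defaultdict
from statistics import mean, pstdev
# Constructed threat-intel feed (placeholder domain, not a real indicator).
C2_BLOCKLIST = {"update-check.example.net"}

# Constructed proxy log lines: "epoch_seconds src_host dest_domain bytes"
PROXY_LOG = """\
1700000000 atm-kiosk-07 update-check.example.net 512
1700000060 atm-kiosk-07 update-check.example.net 512
1700000120 atm-kiosk-07 update-check.example.net 512
1700000180 atm-kiosk-07 update-check.example.net 512
1700000010 branch-srv-03 cdn-sync.example.org 640
1700000310 branch-srv-03 cdn-sync.example.org 640
1700000610 branch-srv-03 cdn-sync.example.org 640
1700000910 branch-srv-03 cdn-sync.example.org 640
1700000005 teller-pc-12 intranet.bank.example 20480
1700000900 teller-pc-12 intranet.bank.example 1024
"""

def parse_log(text):
    """Return (timestamp, host, domain) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        events.append((int(parts[0]), parts[1], parts[2]))
    return events

def blocklist_hits(events, blocklist=C2_BLOCKLIST):
    """Hosts that contacted a known C2 domain: the callback to block at the edge."""
    return sorted({host for _, host, dom in events if dom in blocklist})

def beaconing_hosts(events, min_requests=4, max_jitter=0.1):
    """Hosts whose requests to one domain recur at near-constant intervals."""
    series = defaultdict(list)
    for ts, host, dom in events:
        series[(host, dom)].append(ts)
    flagged = set()
    for (host, dom), stamps in series.items():
        stamps.sort()
        if len(stamps) < min_requests:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Low relative deviation of the gaps means a machine-like beacon, not a user.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.add(host)
    return sorted(flagged)
```

Only atm-kiosk-07 appears in the blocklist hits, while the beacon check also surfaces branch-srv-03, whose destination is unknown to the feed; the teller PC, with two irregular requests, is left alone.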
“Cisco’s value proposition revolves around unified access and control applications across all channels, real-time and advanced malware protection to analyze an attack and prevent recurrence, as well as firewalls with intrusion prevention and advanced malware protection features to protect data center assets,” explained Mukherjee. He added that the platform-based solutions provide security in three ways:
- Context-aware security: takes advantage of physical and virtual hosts, operating systems, applications, services, protocols, users, and analyses of content and network behavior.
- Continuous security: aggregates and correlates data from across the extended network, and is able to discriminate between active attacks and reconnaissance versus background noise.
- Retrospective security: continuously analyses file behavior and activities over time in order to detect malware that may alter its behavior to avoid detection, understands the full extent of an infection, establishes root causes, and performs remediation.
“Cisco’s threat-focused approach to security provides protection across an extraordinary breadth of coverage that spans the extended network where Cisco Security products are deployed — from the core enterprise network to data center to cloud and mobile endpoints,” said Mukherjee.
Besides developing the right technology systems framework, big data and real-time analytics are emerging as the next wave of preemptive defense, while biometrics is the front runner for authentication. Overlapping and multi-layered defense, coupled with real-time operational response and customer education, is required to mount an effective security solution against cyber threats. To stay ahead of cyber threats in an increasingly competitive marketplace, greater collaboration and sharing of resources between banks, vendors and governments must also take place.
Keywords: Cisco, Cybersecurity, Digital Network, Fraud, Mobile Payment, ATM, Debit Card, API, Malware, SWIFT