Cyber criminals have their cross hairs firmly locked on the financial sector. Although financial institutions have long been primary targets for breaches, the challenges they face today are vastly different than those of the past. Once upon a time, robbing a bank involved devising a perfectly plotted and highly dangerous course of action, which only the most brazen attackers would dare attempt. The attacks of today are much subtler, so subtle, in fact, that they often go undetected by security teams.
Cyber Criminals Up Their Game
Over the past few years the industry has seen a massive upsurge in attacks. The breaches at JPMorgan, Citigroup and Bank of America prove that even the biggest players in this field are not prepared.
Attackers were able to steal well over one billion dollars from banks in 2015 by using a diverse array of multi-pronged attack methods, including Distributed Denial of Service (DDoS) attacks, malware attacks using potent offenders such as Vertexnet, Ponyloader and GozNym, cloud-based botnets, spear phishing attacks and more.
A study of 7111 financial institutions, published by SecurityScorecard, found that 75% of the top 20 US commercial banks are currently infected with malware. According to the Global Economic Crime Survey, conducted by PricewaterhouseCoopers LLP, threats to the industry are rising and 41% of bank leaders are fairly sure they will experience an attack in the next 12 months.
More Analysts and More Tools Don’t Equal More Security
The industry is doing all it can to fight back against threats by hiring additional analysts and adding point solutions. After witnessing the spate of breaches at other institutions, Goldman Sachs added 1000 security workers worldwide and JPMorgan pledged to double its 250 million dollar security budget annually. Collectively, JPMorgan, Bank of America, Citigroup and Wells Fargo spend 1.5 billion dollars on cyber security each year.
The security operations center of the typical bank uses a growing mix of point tools such as firewalls, perimeter security, threat detection platforms, intrusion prevention and sensors to block, locate and remediate attacks. But for all the time and resources being pumped into security, banks have little to show in terms of efficacy. With each additional tool, costs and complexity rise, creating a complicated cocktail of endpoint solutions, each yielding data that lives in its own silo.
Under these circumstances, dwell times go up and the likelihood of a rapid remediation falls significantly. Teams cannot get a transparent view across their SOC, and data blind spots are inadvertently created, serving as the perfect gateway for attackers. The main message we hear from security teams is that despite their myriad of point tools and analysts, they simply cannot keep up with the threats at their door.
The Key to Fast Remediation is End-to-End Visibility
Here’s the bottom line: breaches are unavoidable. While preventing attacks will always be critical, the goal has shifted to locating and terminating breaches as quickly as possible to mitigate damage. This hinges upon achieving fully contextualized visibility across the security footprint.
Siemplify ThreatNexus ingests all data from all tools across the SOC, allowing analysts to quickly understand the context behind events in order to build a true end-to-end perspective. The graphical interface grants in-depth insights into events as they take place and helps analysts understand their significance in a fraction of the time. ThreatNexus becomes the hub for all information and allows analysts to collaborate in ways previously impossible.
By bringing data from patchworked sources together, all intelligence becomes actionable. Analysts can proactively search for and organize threats across their environment, which means threats can be triaged and solved faster than ever before. And analysts no longer need to string together bits of data from multiple tools and systems. The complete story of their security is already there, within the ThreatNexus platform.
To stop the success of cyber criminals, financial and banking institutions must consider a holistic solution, one that evolves the SOC beyond a fragmented approach to an actionable, intelligent SOC for the next generation. ThreatNexus takes security operations centers into that next generation.