Financial institutions serve as the bedrock of global economies, managing vast datasets and facilitating crucial transactions. However, their pivotal role also makes them prime targets for cyberattacks. According to the IMF, nearly one-fifth of all incidents directly impact the sector, resulting in substantial losses, nearing $12 billion since 2004. Certain unique characteristics of the financial sector, such as high market concentration in critical services like payments or custody, and reliance on common third-party IT providers, amplify the impact of cyberattacks. The recent ransomware attack on ICBC Financial Services (the U.S. arm of China’s largest bank, the Industrial and Commercial Bank of China) exploited some Citrix NetScaler vulnerabilities leading to the disruption of U.S. Treasury trading and corporate communications. This incident underscores the interconnected nature of financial systems, which exposes various attack vectors and supply-chain risks, threatening not only individual institutions but entire economies. Let’s try to understand why financial institutions struggle to implement robust cybersecurity measures. Navigating the regulatory maze The financial services industry’s critical nature necessitates stringent regulation. This is why they have laws like GLBA, PCI DSS, DORA, and the EU Cybersecurity Act in place. While GLBA and GDPR ensure transparent data-sharing and sensitive information protection, PCI DSS secures payment card data. DORA and the EU Cybersecurity Act emphasize resilience and security across financial institutions and their ICT provider ecosystem. Implementing robust measures across extensive networks poses significant challenges for financial institutions and streamlining compliance reporting amid evolving threats remains an ongoing industry struggle. Tech dilemma: Balancing innovation and cyberssecurity Financial institutions confront a dual challenge: integrating customer-driven technologies while ensuring robust security. Each tech advancement widens the threat landscape. While tools like online banking enhance the user experience, they also expand potential attack points. Despite offering flexibility, multi-cloud strategies introduce varied security protocols and vulnerabilities, straining internal cybersecurity capacity. Furthermore, emerging tech like AI presents opportunities for risk detection but also introduces new risks, such as sophisticated phishing or identity theft via deepfakes. An illustrative incident involved scammers defrauding a firm of HK$200 million (USD25.6 million) through a deepfake video call. Looking ahead, quantum computing could pose further risks by rapidly compromising encryption algorithms, amplifying losses from cyberattacks. Cybersecurity: A technological concern, not a strategic one Financial institutions’ senior management teams concentrate on diverse business risks, yet frequently relegate cybersecurity solely to the CISO and technical teams, leading to isolated discussions. This segregation yields insufficient risk management. Recognizing cybersecurity as a core business risk necessitates senior management’s involvement. European regulation DORA endeavors to rectify this by making the entire management accountable for ICT risk management, not solely the CISO, fostering a more comprehensive approach to cybersecurity across organizations. Strategize. Simplify. Solve. To counter evolving threats, the financial sector must adopt proactive cybersecurity measures, integrating AI, big data analytics, and swift response systems. While AI poses new risks, it can also enhance threat detection and response. Institutions need strategic partners that understand the evolving treat landscape and can offer comprehensive defense solutions. Key cybersecurity strategy considerations must include the following: Continuous, proactive exposure management – Financial institutions must address risks from unmanaged digital assets, vulnerabilities, configuration weaknesses, exposed credentials, and more. AI algorithms can analyze data for threat patterns, while machine learning models use historical attack data to detect and prevent real-time threats. Centralized cloud security posture management (CSPM) – Financial institutions often deploy multiple CSPM solutions for multi-cloud security, but this can complicate management. Holistic solutions should automate orchestration across hyperscalers’ CSPM tools for continuous policy management. AI-powered systems monitor cloud environments, detecting misconfigurations and threats in real-time, alerting security teams to potential risks. Cybersecurity mesh architecture (CSMA) to maximize existing cybersecurity investments – Financial services struggle with fragmented security views across their digital estate and value chains. Disjointed operations impede visibility and control, while siloed tools hinder threat detection and response. Gartner’s Cyber Security Mesh Architecture addresses this by integrating security and operational data into a unified ecosystem, providing a single console for actionable insights. This architecture leverages existing investments, enhancing security outcomes. AI further strengthens this framework by contextualizing incidents and correlating data from logs, alerts, and threat intelligence, enabling security teams to prioritize and respond to threats more effectively. Robust identity and access management (IAM) – Insider threats pose significant risks to financial institutions due to employees’ and contractors’ access to sensitive data. These threats, whether intentional or accidental, can lead to severe breaches and financial losses. Cybercriminals’ use of Generative AI (GenAI) is amplifying this risk by enabling convincing phishing attacks and sophisticated social engineering, including voice imitation, deepfakes and chatbots. Consequently, robust Identity and Access Management (IAM) systems are crucial. Enhanced IAM with multi-factor authentication (MFA) protects against unauthorized access. AI integration in IAM improves anomaly detection, risk-based authentication, and user profiling, ensuring compliance and bolstering defenses against evolving cyber threats. Swift response and recovery – Despite robust cybersecurity measures, financial institutions must prepare swift response tactics for successful attacks. AI-powered systems can detect incidents and leverage cloud platforms’ native recovery features to initiate predefined actions. These can include isolating compromised systems, blocking malicious traffic, quarantining suspicious files, and restoring compromised assets to a healthy state, ensuring rapid recovery and minimizing damage. Effective security data management and industry collaboration – The efficacy of AI-driven cybersecurity relies on ample, high-quality training data. Financial institutions that grapple with dispersed security tools lack visibility and data cohesion. To address this, they should adopt centralized storage solutions across cloud, SaaS, and on-premises environments. Consolidated data fosters actionable insights, while big data analytics refine risk assessment. Collaborative frameworks are also essential for responsible data sharing between industry players, safeguarding sensitive information and mitigating legal risks. Leveraging these data pools, financial institutions can develop advanced fraud and cyber threat detection models. Navigating cyberattacks in the financial sector As financial institutions navigate the treacherous waters of cyber threats, a multi-pronged approach is imperative. From proactive exposure management to robust identity and access management, and swift response tactics, institutions must fortify their defenses. Yet, the linchpin will continue to be effective security data management. By leveraging AI-driven insights and fostering responsible data sharing, financial entities can forge ahead, armed with the resilience needed to withstand evolving threats and protect global economies. Eviden offers expertise in establishing secure postures and combating evolving threats. Explore our Managed Detection and Response capabilities and Digital Security Magazine for insights on the latest trends in cybersecurity. To learn more about Eviden’s revolutionary cybersecurity solutions meet us at Money 2020, Booth #5J40. We look forward to a detailed interaction.