Network security has become increasingly complicated for financial services providers due to the popularity of the Internet of Things (IoT) and consumer desire to access valuable data on various mobile devices.
While financial institutions are transitioning their network security strategies to keep up with these current consumer demands and give greater individual access to their networks, they must also be cognizant of the evolving threat landscape. Cyberattacks are constantly becoming more sophisticated in order to bypass traditional network security measures. At the same time, increased access to the network by IoT devices also means increased attack vectors. The need for evolved network security is further emphasized by the attention it has garnered from government regulators, who are shining a spotlight on compliance and security at financial institutions of all sizes.
Strong network security has to operate around two key factors: speed and service. The ideal network experience is judged around how quickly bits of information get from point A to point B, and how quickly applications respond to queries. In finance especially, rapid communication and security are vital, and neither can come at the expense of the other. In addition to fast communication within the network, consumers now expect to be able to access and edit information stored within the network through the web. This ability is integral to staying competitive, with more than 60 percent of financial institutions currently developing cloud strategies as a result.
This increased demand for real-time, on-demand services is part of the reason why network security strategies are changing and becoming more complex. Data must be more secure, travel faster, and be more readily available across devices, in spite of being constantly under attack from sophisticated threats.
Moving forward, financial services firms will have to respond to new attack vectors that threaten core functions. As these trends persist, robust network security strategies are evolving to include the following tactics:
Adapting to meet these new challenges means moving away from the traditional tactic of simply placing protection at the edge to implementing something more comprehensive. Network security has traditionally been focused on intrusion protection. This strategy relies on placing defenses at the perimeter of the network to detect and stop malware from entering. However, today’s perimeters are dynamic and increasingly temporary, making edge-based protection less and less effective. Additionally, security professionals have come to understand that it’s impossible to stop every attack. The reality is, there will be successful breaches. Security needs to be designed with this reality in mind.
This is why effective security strategies have advanced from simply relying on intrusion protection to include intrusion detection as well. Intrusion detection systems operate on the assumption that an attack will breach network perimeter defenses. They scan the network for abnormal behavior to detect live attacks that have circumvented the perimeter in order to reduce dwell time, because the longer an intruder or malware can reside undetected inside the network, the more likely it is that they will find and steal valuable information. Today’s sophisticated malware probes the network to find and accumulate valuable data, and then exfiltrates it. The goal is to detect and mitigate the threat before data loss occurs.
This expansion from strictly perimeter-based protection to include security measures at network segmentation demarcation points, deep in the core of the network, and out to the cloud marks an important strategy shift in network security as financial services firms navigate combining security with the digital evolution.
With intrusion detection systems in place, incident response is the next step in ensuring attacks are mitigated quickly once detected. With today’s new threats, incident response has to go beyond having a list of procedures to follow in the event of an attack. It needs to include integrated tools that provide full visibility into the security posture of the network, automated solutions that identify and respond to abnormal activity, and forensic tools for analysis to ensure similar threats are not successful. Once malware is detected, it’s important to have an integrated security structure in place across your entire extended network to mitigate its impact before it can further compromise your network.
Once the incident response team has mitigated a threat, it then needs to be assessed by a threat research team, either an internal group or one provided via a third party, to ensure that protocols are updated to keep similar threats from being successful in the future. Threat research is integral to both intrusion prevention and incident response. Threat research teams study such critical areas as malware, botnets, and zero-day attacks to identify device or network vulnerabilities, uncover weak threat vectors, and create mitigation signatures. The broader network security is then appropriately hardened, updated with abnormalities to look for, and enhanced with the tools needed to stop them from causing damage. Solid threat intelligence keeps your network steps ahead of attackers by setting up protocols for both known and unknown vulnerabilities.
Four key changes have made it necessary for financial institutions to reevaluate how they approach network security: cloud-based infrastructure and services, IoT, increased sophistication of cyberattacks, and stricter government regulations. As the internal network interacts more often with the web and cloud, and attacks become more sophisticated, it is inevitable that an attack will successfully breach the network. This is why it is critical that an organization’s security focus shift to ensuring that, once malware has made it into the network, it can be detected and mitigated quickly to ensure the least possible damage and reduce the chance of recurrence. To do this successfully, organizations need to select and deploy interconnected intrusion detection, threat intelligence and analytics, and incident response tools across the entire distributed network.