Financial services organizations are prime targets for cybercriminals, but that is not the only cybersecurity challenge they face. They also grapple with heavy regulation, siloed teams, and the need to secure a complex mix of cloud-based and legacy infrastructure.
“Banks have our names, our addresses, Social Security numbers,” said Reese D'Herckens, director of sales engineering at ExtraHop. “And again, more importantly, they have a lot of people's money. These are things that cybercriminals covet.”
In a recent American Banker podcast, D'Herckens and Sonal Shetkar, manager of sales engineering at ExtraHop, described several of the major cybersecurity obstacles financial institutions face.
Siloed networks, complex infrastructures
Because of regulations, multiple networks within the same financial company tend to be isolated from each other, Shetkar noted. A low-latency trading environment may be separate from an online banking network or a wealth management system, she said.
While siloed teams are common in other industries, “that whole idea just morphs into something so much bigger when it comes to banks,” she added. “Because now you're not just dealing with teams being siloed, but you're dealing with environments and networks being siloed.”
Meanwhile, banks often continue to run legacy hardware, including mainframe computers, alongside cloud computing and other modern technologies, Shetkar said. Decisions to change technology move slowly because of concerns about regulatory compliance.
“It could be because you just have so much at stake that whenever you want to make changes or modify something, you want to be absolutely certain,” she said. “Going through all the red tape associated with getting a new technology approved just takes so long that you end up having a mixed bag of legacy hardware. And that just leaves you more vulnerable to possible attack vectors.”
Because of these challenges, financial institutions must take extra care to monitor and secure their global networks, which are often a patchwork of IT environments they built themselves and ones they inherited through mergers or acquisitions, D'Herckens added.
“The one constant is the absolute need to know thyself,” he said. “Absorbing massive IT environments, without first establishing a complete understanding of the assets and the networks and risks is unacceptable in banking.”
Banks must also continuously observe their own attack surfaces and be able to analyze, at the transaction level, the many specialized protocols used in finance, he added.
Build vs. buy
Podcast host Michael Sisk asked D'Herckens and Shetkar whether large financial institutions should build their own cybersecurity solutions or buy from an outside vendor. Both advised financial institutions to focus on what they do best: managing money.
“One of the best ways to think through this question is to ask yourself what is your appetite for solving this problem?” Shetkar said. “Is that appetite going to stay in the long term?”
Building a cybersecurity solution isn’t about solving a particular problem at one point in time, she added.
“It's also about managing it over time, maintaining it over time, then scaling that solution as your needs grow and maybe attaching to other business units within your organization,” she said. “And then having the ability to innovate on it as your market needs change.”
Understanding zero trust
Many financial institutions are currently focused on implementing zero trust strategies or micro-segmentation rules inside their networks, and neither is easy to implement on large, complex networks, D'Herckens said.
“The biggest struggle is they don’t understand data in motion and application mapping,” he said. “One wrong policy inside the network can bring down all of your trading activity or some other key application. Too much is at risk.”
When trying to implement these new policies on their own, banks can take years to make it happen, and in some cases, it never gets done, D'Herckens said.
To move to zero trust, financial institutions must first monitor their networks fully, he added, and that monitoring should extend to the multiple cloud providers many banks use.
“How are you supposed to know where to put all the locks if you don't first truly understand what's communicating on your network and how they're communicating?” he said. “Having that real-time monitoring of communications is equally important to ensure that you're maintaining your zero trust framework.”
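The point D'Herckens makes is that a segmentation policy has to be checked against what is actually communicating before it is enforced. The following is an added example (not ExtraHop code, and not part of the podcast) of that check: a handful of constructed flow records stand in for the data-in-motion an NDR sensor or flow exporter would produce, a proposed deny-by-default allowlist is simulated against them, and any observed flow the policy would silently break is reported by application. The host addresses, application tags and the `Flow`/`Rule` helpers are all assumptions made for the illustration.

```python
"""Dry-run a micro-segmentation allowlist against observed network flows.

Added example, not code from ExtraHop or the article. The flow records below
are constructed to resemble what a network sensor would export; the
application tag on each flow is assumed to come from an asset inventory.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    app: str  # application the destination belongs to (assumed inventory tag)


@dataclass(frozen=True)
class Rule:
    """One allow rule in a deny-by-default policy. None means 'any'."""
    src_net: str
    dst_net: str
    dport: Optional[int]
    proto: Optional[str]

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src_net)
                and ip_address(f.dst) in ip_network(self.dst_net)
                and (self.dport is None or self.dport == f.dport)
                and (self.proto is None or self.proto == f.proto))


# Constructed sample of observed flows (what the network actually does).
OBSERVED_FLOWS = [
    # trading platform: order-entry hosts -> FIX gateway, plus two dependencies
    Flow("10.10.1.5", "10.10.2.10", 4000, "tcp", "trading"),
    Flow("10.10.1.6", "10.10.2.10", 4000, "tcp", "trading"),
    Flow("10.10.1.5", "10.10.3.20", 443, "tcp", "trading"),   # market-data feed
    Flow("10.10.1.6", "10.0.0.1", 123, "udp", "trading"),     # shared NTP
    # online banking: web tier -> app tier -> database
    Flow("10.20.1.7", "10.20.2.8", 8443, "tcp", "online-banking"),
    Flow("10.20.2.8", "10.20.3.9", 1433, "tcp", "online-banking"),
]

# Proposed policy drafted from an architecture diagram rather than from
# observed traffic: it knows about the FIX gateway but not the market-data
# feed or NTP dependency (constructed for the example).
PROPOSED_RULES = [
    Rule("10.10.1.0/24", "10.10.2.10/32", 4000, "tcp"),
    Rule("10.20.1.0/24", "10.20.2.8/32", 8443, "tcp"),
    Rule("10.20.2.0/24", "10.20.3.9/32", 1433, "tcp"),
]


def application_map(flows: List[Flow]) -> Dict[str, List[tuple]]:
    """Group observed (src, dst, port, proto) tuples by application."""
    out = defaultdict(set)
    for f in flows:
        out[f.app].add((f.src, f.dst, f.dport, f.proto))
    return {app: sorted(edges) for app, edges in out.items()}


def blocked_flows(flows: List[Flow], rules: List[Rule]) -> List[Flow]:
    """Deny-by-default: an observed flow survives only if some rule allows it."""
    return [f for f in flows if not any(r.matches(f) for r in rules)]


def impact_by_app(flows: List[Flow], rules: List[Rule]) -> Dict[str, List[Flow]]:
    """Which applications the proposed policy would break, and through which flows."""
    out = defaultdict(list)
    for f in blocked_flows(flows, rules):
        out[f.app].append(f)
    return dict(out)


def suggest_rules(flows: List[Flow], src_prefix: int = 24) -> List[Rule]:
    """Derive a least-privilege allowlist from observed flows: one rule per
    (source subnet, destination host, port, protocol) actually seen."""
    rules = set()
    for f in flows:
        src_net = str(ip_network(f"{f.src}/{src_prefix}", strict=False))
        rules.add(Rule(src_net, f"{f.dst}/32", f.dport, f.proto))
    return sorted(rules, key=lambda r: (r.src_net, r.dst_net, r.dport, r.proto))


if __name__ == "__main__":
    for app, edges in application_map(OBSERVED_FLOWS).items():
        print(f"{app}: {len(edges)} observed edges")
    for app, flows in impact_by_app(OBSERVED_FLOWS, PROPOSED_RULES).items():
        print(f"proposed policy would break {app}:")
        for f in flows:
            print(f"  {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    print("rules derived from observed traffic:")
    for r in suggest_rules(OBSERVED_FLOWS):
        print(f"  allow {r.src_net} -> {r.dst_net} {r.dport}/{r.proto}")
```

Run as written, the dry run reports that the diagram-derived policy would cut the trading hosts off from their market-data feed and NTP source while leaving online banking intact, which is exactly the outage D'Herckens warns about. The derived ruleset is the reverse direction of the same data: an allowlist built from observed flows blocks nothing that was seen, so it is a starting point that can be reviewed and tightened rather than a policy written blind.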
Financial institutions need complete visibility across distributed networks, along with the ability to act quickly on insights gained from internal and external information sources. They also need a real-time inventory of the devices connected to their networks, detection of threats hiding in encrypted traffic, and alerts about other exposures.
The ExtraHop Reveal(x) network detection and response (NDR) solution can give financial institutions visibility across their networks and their entire attack surface, including multiple clouds, on-premises and colocation data centers, and remote sites. The solution uses scalable cloud resources and AI to analyze petabytes of network traffic each day, with the ability to selectively decrypt encrypted traffic. Reveal(x) can show financial institutions what is really happening in the performance and security of their IT systems at global scale.
To learn more about how Reveal(x) can help protect financial institutions against cyberattacks, see these white papers: