Banks, financial institutions and the global economy are increasingly dependent on the critical infrastructures of the financial sector. These infrastructures comprise a wide range of assets, including both physical (e.g., data centers, bank branches, buildings, ATMs) and cyber (e.g., servers, networks, software) elements. Any disruption to these elements can interfere with the smooth execution of financial transactions and consequently have adverse effects for consumers and businesses. Therefore, financial organizations place special emphasis on the security of the critical infrastructures of the financial sector, including their resilience against attacks. While both physical security and cybersecurity are important, financial organizations are rapidly increasing their cybersecurity investments given the proliferating digitization of their critical infrastructures.
Notorious Incidents Affecting Financial Infrastructures
Despite significant investments in cybersecurity, recent incidents demonstrate that financial organizations remain vulnerable to cyberattacks. During the last couple of years, the world witnessed the following attacks against the infrastructures of the financial sector:
- Attacks against the SWIFT system: In the period 2015-2016, several banks around the world experienced security attacks against the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system, which resulted in significant monetary losses. One of the most prominent attacks took place in February 2016 and resulted in the theft of $81 million from the Bangladesh Central Bank.
- “WannaCry”: Back in 2017, this notorious ransomware attacked financial institutions and affected several Russian and Ukrainian banks. Specifically, the Russian central bank reported that the attack exposed various security flaws that affected some of the country’s largest institutions.
- Massive data breach at Equifax: In 2017 a data breach at Equifax created turmoil in the global markets and affected more than 140 million consumers. According to the company, hackers gained access to customer files which included personally identifiable information such as customer names, addresses and social security numbers. The attack exploited a vulnerability in the company’s website and is considered one of the largest cybersecurity incidents of all time.
Beyond these notorious incidents, recent security reports demonstrate that the finance sector suffers from security attacks more than other sectors. Specifically, in 2016 financial services customers suffered over 60% more cyberattacks than customers in any other sector, while cyberattacks against financial services firms increased by over 70% in 2017.
A Surge of New Security Challenges
These security vulnerabilities of the financial sector are largely due to the increased digitalization of the critical infrastructures of financial organizations, which raises new challenges. These include:
- The physical and cyber security integration challenge: Physical security and cybersecurity in financial organizations remain “siloed” and are usually carried out by different departments and security teams. Likewise, physical security systems (e.g., Closed Circuit TeleVision (CCTV) and Biometric Access Control systems) do not interact with cybersecurity platforms (e.g., Firewalls and Intrusion Detection Systems (IDS)). This renders financial organizations vulnerable to combined attacks that try to exploit physical and cybersecurity vulnerabilities at the same time. This was, for example, the case in several SWIFT attacks, where hackers took advantage of physical access to SWIFT devices in order to launch attacks against cyber assets. Overall, the lack of integration between cyber and physical security results in fragmented security processes and inefficient measures.
- The stakeholders’ collaboration challenge: Financial organizations are in most cases interconnected when engaging in transactions in the financial services value chain, such as cross-border payments or investment management transactions. Therefore, it’s common for the vulnerabilities of one supply chain participant to affect its counterparts. Likewise, any attack against a financial company can have significant cascading effects on others. In this context, sharing of security information across the financial services supply chain and stakeholders’ collaboration are needed. The challenge is to make security processes (such as risk assessment) collaborative, as a means of increasing the resilience of supply chain interactions. Nowadays, financial institutions are starting to exchange data (e.g., as part of their participation in the Financial Services Information Sharing and Analysis Center (FS-ISAC)), yet collaborative security processes are still in their infancy.
- The regulatory compliance challenge: Financial organizations are currently faced with a complex and evolving regulatory landscape, which asks for increased security, resilience and data protection. For example, the adoption of Open Banking and of the Second Payment Services Directive (PSD2) increases the rate and frequency of sensitive data exchanges, which makes organizations more vulnerable to data breaches. At the same time, financial organizations operating in Europe need to comply with the General Data Protection Regulation (GDPR), which asks for stricter and more effective security measures and foresees very high penalties for cases of non-compliance.
- The automation and flexibility challenges: In an era where the number of cyber threats (e.g., intrusions, malware, ransomware) is exploding, manual security and surveillance become very costly and barely practical. Financial organizations are therefore challenged to deploy more automated and intelligent solutions that require fewer human resources. At the same time, financial companies can no longer afford to make do with infrequent security updates and patching processes. Rather, they have to be very flexible and able to revise security policies on a daily basis or even more frequently.
Fortunately, recent advances in security technologies provide the means for coping with these challenges. In particular:
- SIEM (Security Information and Event Management) systems are currently being enhanced in order to record and analyse both cyber and physical security information. This SIEM evolution can provide a first line of defence against combined and integrated security attacks by combining events and insights from both the physical and the cyber world. Moreover, it can serve as a basis for implementing integrated security policies.
- Information Sharing and Security Collaboration is gradually becoming easier and more effective than ever before. Organizations are offered novel secure, decentralized and transparent solutions for sharing security information, such as solutions based on blockchain technology. This lowers the barriers for exchanging security-sensitive information and boosts the implementation of more advanced collaborative security, including collaborative risk scoring and mitigation.
- Emerging Artificial Intelligence (AI) Solutions for Security Monitoring enable financial enterprises to detect complex security patterns that are hardly perceivable by security operators in the first place. This provides a foundation for predicting and anticipating security incidents, but also for automating security measures. AI techniques can be nicely combined with integrated SIEM systems as part of the implementation of integrated security policies.
- The popular DevOps (Development and Operations) movement in software development is gradually being extended to the security domain, leading to a new practice that is conveniently called DevSecOps. Based on the principles of agile software engineering, continuous integration and continual improvement, DevSecOps processes can help organizations implement responsive security infrastructures that let them revise their security policies on a daily or even hourly basis. DevSecOps will soon enable organizations to patch, upgrade and deploy new security measures very frequently, as a means of rapidly responding to emerging threats.
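To make the SIEM item above concrete, here is an added example (not part of the original article) of one correlation rule that joins physical access-control events with console logins and flags logins in a secured room that have no matching granted badge entry. The event fields, user, room and host names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a real SIEM schema.
BADGE_EVENTS = [  # from the physical access control system
    {"ts": "2024-03-04T08:55:00", "user": "alice", "room": "payments-ops", "result": "granted"},
    {"ts": "2024-03-04T09:40:00", "user": "bob", "room": "payments-ops", "result": "denied"},
]
LOGIN_EVENTS = [  # console logins, tagged with the room the host sits in
    {"ts": "2024-03-04T09:05:00", "user": "alice", "host": "pay-term-01", "room": "payments-ops"},
    {"ts": "2024-03-04T09:45:00", "user": "bob", "host": "pay-term-02", "room": "payments-ops"},
    {"ts": "2024-03-04T23:10:00", "user": "carol", "host": "pay-term-01", "room": "payments-ops"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(badge_events, login_events, window=timedelta(hours=8)):
    """Return alerts for console logins lacking a granted badge entry
    by the same user into the same room within `window` before the login."""
    alerts = []
    for login in login_events:
        t_login = _parse(login["ts"])
        # Badge events by this user for this room in the look-back window.
        related = [
            b for b in badge_events
            if b["user"] == login["user"]
            and b["room"] == login["room"]
            and timedelta(0) <= t_login - _parse(b["ts"]) <= window
        ]
        if any(b["result"] == "granted" for b in related):
            continue  # physical presence is accounted for
        # A denied badge attempt followed by a login is a stronger signal
        # than a login with no badge activity at all.
        reason = "badge_denied_then_login" if related else "login_without_badge_entry"
        alerts.append({"user": login["user"], "host": login["host"],
                       "ts": login["ts"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in correlate(BADGE_EVENTS, LOGIN_EVENTS):
        print(alert)
```

Neither event stream raises these alerts on its own; the signal only exists once the two sources share user and location identifiers that can be joined.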
Overall, in an era of rising security incidents in the financial sector, financial organizations are offered novel tools in their arsenal against hackers. However, it’s their responsibility to find proper ways of deploying and fully leveraging these tools as part of their security policies. This can be a challenging task in the years to come.