In some ways, enterprise security can resemble a true crime television series, where detectives seek out clues and meticulously piece them together to identify and catch the bad guy. This works as a metaphor for the traditional approach to endpoint security. Security professionals monitor endpoints looking for anomalies, clues, that will help them find and remediate threats.
Detecting malicious actors has never been more important for the financial services industry. The 2019 Verizon DBIR shows us that 71 percent of breaches were financially motivated, and it’s no secret that financial data is one of the most attractive targets for hackers.
Cyberattacks in the financial services sector grew by a staggering 80 percent between 2016 and 2017, resulting in a 57 percent rise in the cost of cyber-attacks for these financial firms. Accenture estimates an average loss of $18 million per year at financial services institutions. Compliance costs and risks are also growing with data protection regulations like the European General Data Protection Regulation (GDPR).
However, while quickly detecting a breach, isolating the incident and taking the correct remedial action is of course still paramount, it’s no longer sufficient.
Endpoint security: the need to move from the right to the left of the endpoint
The language of a breach may seem to be taken directly from an espionage thriller, with terms like threat vectors, kill chains, command-and-control and exfiltration in common usage. However, this isn’t the plot of the newest summer blockbuster, but a reality for today’s enterprises, which face the damaging and long-term effects of undetected security breaches. With almost 20 percent of consumers and organizations unaware that they have been breached, a cycle of ambivalence is repeated in which personal information and digital identities remain unprotected and exposed to malicious hackers. This is a likely consequence of the challenges security teams face today, in which they are drowning in an overwhelming number of endpoints, whether PCs, laptops, servers, tablets or smartphones. Almost 45 percent of security teams are managing 5,000 to 500,000 separate endpoints, making it difficult to secure all of them properly.
In addition, the nature of threats continues to morph. Along with malware, enterprises have to deal with the likes of injection attacks, rootkits, DNS attacks and zero-day exploits. It has been a long time since a corporate firewall was enough to protect networks.
Now, we need to rely on a wide range of capabilities including malware detection, user and endpoint behaviour analysis, system memory analysis and sandboxing, where security professionals can safely run a suspicious app or file away from any corporate network.
In order to address the changing threat landscape, we need to change our thinking and capabilities for endpoint security. Previously, security teams have focused on what happens to the right of the endpoint – the effects of a breach within a corporate network. Today, we have to include what happens to the left – what the attacker is doing and how they’re doing it.
The benefits of 360° threat detection
Security teams within the financial sector have to move beyond the detection and remediation of breaches that have already occurred and need to be able to address active breaches as they happen. Adding active breach detection to the digital forensics and incident response (DFIR) capabilities within endpoint protection platforms will provide comprehensive end-to-end threat detection and resolution.
This will give teams the capability to instantly identify and report breach signals such as lateral movement through their systems, command-and-control, malware installation and data exfiltration. With this, they will be able to orchestrate and automate incident response with threat-scoring, validation, tracking and quick remediation. Advanced detection solutions with a 360° approach will introduce active breach detection at scale.
Regardless of whether a security professional is managing 5,000 or 500,000 endpoints, this approach grants full visibility, and if a breach does occur, the forensic work doesn’t have to concentrate on a small number of endpoints but can include every endpoint on the network.
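To make the idea of scoring breach signals across every endpoint concrete, here is a small correlator written for this article; it is an added example, not code from the article or from any product it alludes to. It runs over a constructed telemetry sample (logon and network-connection events from a handful of hosts) and flags three of the signals named above: lateral movement (one account logging on to many hosts in a short window), command-and-control beaconing (outbound connections to one destination at a regular cadence) and bulk data exfiltration (outbound volume above a threshold). The event fields, thresholds, weights and IP addresses are all assumptions chosen for the demonstration; malware installation is left out because the sample carries no process or file telemetry.

```python
"""Toy 'active breach detection' correlator over endpoint telemetry.

Added example, not from the original article or any vendor product.
Event layout, thresholds and weights are assumptions for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (timestamp_seconds, host, user, event_type, detail)
# "logon"   -> detail is the source host of the logon
# "netconn" -> detail is (destination_ip, bytes_out)
TELEMETRY = [
    # alice's account reaches four hosts in under three minutes
    (0,    "ws-01", "alice", "logon",   "ws-01"),
    (60,   "ws-02", "alice", "logon",   "ws-01"),
    (120,  "fs-01", "alice", "logon",   "ws-01"),
    (150,  "db-01", "alice", "logon",   "ws-01"),
    (300,  "ws-07", "bob",   "logon",   "ws-07"),
    # ws-01 contacts one address roughly every 300 seconds (beacon-like)
    (10,   "ws-01", "alice", "netconn", ("203.0.113.9", 512)),
    (310,  "ws-01", "alice", "netconn", ("203.0.113.9", 498)),
    (612,  "ws-01", "alice", "netconn", ("203.0.113.9", 530)),
    (910,  "ws-01", "alice", "netconn", ("203.0.113.9", 505)),
    (1209, "ws-01", "alice", "netconn", ("203.0.113.9", 515)),
    # one very large transfer from the file server to the same address
    (1300, "fs-01", "alice", "netconn", ("203.0.113.9", 800_000_000)),
    # bob's browsing: irregular timing, small volumes (benign baseline)
    (20,   "ws-07", "bob",   "netconn", ("198.51.100.4", 2000)),
    (95,   "ws-07", "bob",   "netconn", ("198.51.100.4", 3500)),
    (400,  "ws-07", "bob",   "netconn", ("198.51.100.4", 1200)),
]


def lateral_movement(events, window=600, min_hosts=3):
    """Users that log on to >= min_hosts distinct hosts within `window` seconds."""
    by_user = defaultdict(list)
    for ts, host, user, kind, _ in events:
        if kind == "logon":
            by_user[user].append((ts, host))
    hits = []
    for user, logons in by_user.items():
        logons.sort()
        for i, (t0, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits.append((user, sorted(hosts)))
                break  # one hit per user is enough for scoring
    return hits


def beaconing(events, min_count=5, max_cv=0.1):
    """(host, dest) pairs whose connection gaps are unusually regular.

    Regularity is measured as the coefficient of variation of the gaps;
    human-driven traffic is bursty, scheduled callbacks are not.
    """
    by_pair = defaultdict(list)
    for ts, host, _, kind, detail in events:
        if kind == "netconn":
            by_pair[(host, detail[0])].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append(pair)
    return hits


def exfiltration(events, threshold_bytes=100_000_000):
    """(host, dest) pairs whose total outbound volume exceeds the threshold."""
    totals = defaultdict(int)
    for _, host, _, kind, detail in events:
        if kind == "netconn":
            totals[(host, detail[0])] += detail[1]
    return [(pair, n) for pair, n in totals.items() if n > threshold_bytes]


# Assumed weights: later kill-chain stages count more, capped at 100.
WEIGHTS = {"lateral_movement": 30, "command_and_control": 40, "exfiltration": 50}


def score_breach(events):
    """Combine the signals into one threat score plus the stages that fired."""
    signals = {
        "lateral_movement": lateral_movement(events),
        "command_and_control": beaconing(events),
        "exfiltration": exfiltration(events),
    }
    fired = [name for name, hits in signals.items() if hits]
    score = min(100, sum(WEIGHTS[name] for name in fired))
    return score, fired, signals


if __name__ == "__main__":
    score, fired, signals = score_breach(TELEMETRY)
    print(f"threat score {score}/100; stages: {', '.join(fired)}")
    for name in fired:
        print(f"  {name}: {signals[name]}")
```

The point of the design is that none of the three detectors is convincing on its own (an administrator also logs on to many hosts; a software updater also polls on a schedule), but correlating them across every host in the fleet and scoring the combination is what turns isolated anomalies into a breach signal worth acting on.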
Early endpoint detection eases your compliance risk
With an increasing number of customers worried about data privacy and sharing, new data protection regulations are also beginning to bite across the globe. Perhaps the highest profile is the GDPR legislation in Europe, which affects any company with customers in the European Union. EU regulators have promised to impose huge fines on companies that don’t properly protect the personal data they hold, and that’s exactly how things are turning out. For example, late last year, Tesco Bank in the UK was fined $21.7 million for failing to protect the details of current account holders. By implementing 360° threat detection, financial services companies can detect active breaches early and act proactively before the breach causes any damage or exposes personal data.
Rather than just alerting users once the attack has taken place, this approach will allow teams to block the process and learn from an attacker’s behaviour to better prepare for future threats. This will result in being able to put a stop to the problem before it reaches a level no one wants to get to: having to notify the authorities and your customers that an incident has occurred.
As the threats attacking financial services institutions become more complex and endlessly iterative, it’s important that endpoint security programs evolve to not only meet these threats, but to also take advantage of the increased data and insights we now have at hand. This is even more important in sectors that are not only highly targeted, but also need to protect thousands of endpoints. Ensuring teams are enabled to address active breaches as they happen is a key step in continuously improving the cybersecurity posture of businesses in key industries.