Vulnerability Management

Financial services organizations should implement a robust vulnerability management program that includes regular automated vulnerability scans of applications, computers and third-party services, followed by timely patching of the vulnerabilities found. The release of a security patch triggers a rush by bad actors to exploit the vulnerability in systems that have not yet applied it, because they know the window closes once the patch becomes pervasive. The Equifax breach is the standard example: an Apache Struts library was not patched in time, and attackers got away with PII (personally identifiable information) for nearly half of the entire US population. It is therefore important to scan all applications and systems for vulnerabilities and patch them as soon as possible.
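The core of the scan-then-patch loop described above is matching an asset inventory against published advisories and measuring how long each exposure has been open. The following is an added example, not code from the original article or from any scanning product: it compares a constructed inventory against constructed advisories (the product names, versions and advisory IDs are placeholders, not real CVEs) and flags assets that are still below the fixed version, marking those whose advisory is older than an assumed 14-day patch SLA. Note the numeric version comparison; a plain string comparison would rank "2.3.9" above "2.3.34" and miss the vulnerable host.

```python
"""Added example (not from the original article): match a constructed software
inventory against constructed advisories and flag unpatched assets whose
advisory is older than the patch SLA. All names, versions and IDs are made up."""
from dataclasses import dataclass
from datetime import date


def parse_version(v: str) -> tuple:
    """Turn '2.3.34' into (2, 3, 34) so comparisons are numeric, not lexical.
    As strings, '2.3.9' > '2.3.34', which would hide a vulnerable install."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder identifier, not a real CVE number
    product: str
    fixed_in: str      # first version that contains the fix
    published: date    # date the vendor released the patch


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


# Constructed sample data (hypothetical products and hosts).
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "examplelib", "2.3.32", date(2024, 1, 10)),
    Advisory("ADV-EXAMPLE-002", "samplecrypto", "3.0.13", date(2024, 2, 1)),
]
INVENTORY = [
    Asset("web-01", "examplelib", "2.3.9"),      # below fixed_in -> vulnerable
    Asset("web-02", "examplelib", "2.3.34"),     # at or above fixed_in -> patched
    Asset("api-01", "samplecrypto", "3.0.11"),   # below fixed_in -> vulnerable
    Asset("api-02", "samplecrypto", "3.0.13"),   # exactly fixed_in -> patched
]


def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """An asset is exposed when it runs the advisory's product at a version
    strictly below the first fixed version."""
    return (asset.product == adv.product
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def find_unpatched(inventory, advisories, today: date, sla_days: int = 14):
    """Return (host, advisory_id, days_since_publication, overdue) for every
    exposed asset. 'overdue' is True when the advisory has been public longer
    than the SLA, i.e. the attacker's window has stayed open past policy."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if is_vulnerable(asset, adv):
                age = (today - adv.published).days
                findings.append((asset.host, adv.advisory_id, age, age > sla_days))
    return findings


if __name__ == "__main__":
    for host, adv_id, age, overdue in find_unpatched(INVENTORY, ADVISORIES, date(2024, 2, 10)):
        print(f"{host}: {adv_id} open for {age} days{' (OVERDUE)' if overdue else ''}")
```

In a real program the inventory would come from the scanner's export and the advisory list from a vendor or vulnerability-database feed; the comparison and SLA logic stay the same, and the "overdue" flag is what should drive escalation to the team that owns the host.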
Third-Party Risk Management

Most financial organizations obtain services from many third-party vendors or service providers; for some, the number of providers runs into the hundreds. A large number of financial organizations have been victims of supply chain attacks in which the intrusion originated at one of these third-party providers. Attackers are drawn to this route because a successful attack on one provider can lead to successful attacks on many of that provider's customers. The SolarWinds attack was carried out through a compromised third-party software update, and the Target breach through compromised third-party login credentials. A third-party cyber risk management program can mitigate these risks and strengthen the overall vendor management program. Such a program starts with an inventory of all vendors across the entire organization, identifying those that provide critical services as well as those that provide support services. Each vendor is then classified as high, medium or low risk according to the sensitivity of the data it processes or can access. Learn more about how financial IT consulting services can protect sensitive data.
Incident Response Plan

We have become all too familiar with security breaches occurring every few weeks, if not days. It is not always possible to avoid a breach, but a solid incident response plan can limit the damage and cost and reduce recovery time. A good incident response plan consists of the following activities:
- Creation of Security Incident Response Team with clear roles and responsibilities.
- Defining risk tolerance for the business, which includes identifying the greatest risks to the business, its critical data, and the key functionality the business needs in order to keep operating.
- Event classification where incidents are classified as high, medium and low risk. Classifying incidents allows them to be prioritized when they occur.
- Explicit instructions, with detailed procedures, that give every person involved in an incident the steps they should follow.
Threat Monitoring

Threat monitoring means continuously watching your network, endpoints and devices for anomalous activity. By continuously analyzing and evaluating security telemetry you can identify intrusions and cyberattacks before they succeed. Monitoring solutions collect, analyze and correlate information from appliances, sensors and endpoint agents to find patterns that indicate a potential attack. Once a threat is identified, the incident response team can be alerted to take immediate action. Threat monitoring greatly improves a company's security posture: with full visibility into data access and usage, the company can defend against both insider and outsider threats and enforce data protection policies that prevent the loss of sensitive data. Some benefits of threat monitoring are:
- It helps an organization’s regulatory compliance efforts or business agreements that mandate monitoring of sensitive assets.
- It provides real-time visibility into activity on the network and the people behind that activity, which relates directly to risk.
- It helps isolate vulnerabilities in applications, endpoints, networks and drives understanding of how to fix them.
- It shows whether network usage policies are being followed.
Employee Education

A large percentage of successful cyber attacks are phishing or social engineering attacks. A user may receive an email from a known contact whose account has been compromised, carrying an attachment or a link. Opening the attachment or clicking the link compromises the user's machine, which can then infect other systems. Similarly, a user may fall victim to a social engineering attack and be talked into performing an action that compromises systems or the network. A good employee education program teaches best practices such as recognizing phishing and social engineering attempts, never leaving workstations unattended, rotating passwords regularly, using password managers and employing multi-factor authentication, and tests employee response with simulated phishing campaigns. All of this reduces risk and improves the security posture of the organization. To learn more about how BeyondID can partner with your financial institution to implement these best practices, fill out the form below.