It almost goes without saying that America’s financial services sector—at the heart of our economy and success as a nation—regularly faces significant cyber attacks from a wide range of threat actors. And while the idea that these bad actors are heavily focused on the financial sector is completely unsurprising—after all, the old saying about why people rob banks (“that’s where the money is”) applies with equal force in the cyber realm—the scale and scope of attacks may make defending the financial services sector a uniquely difficult challenge.
Jamie Dimon, the Chairman and CEO of J.P. Morgan Chase, said point-blank in his April 4, 2019 letter to shareholders that “[t]he threat of cyber security may very well be the biggest threat to the U.S. financial system.” Dimon specifically noted the “enormous effort and resources” dedicated by banks like JP Morgan to cyber defense efforts, estimating that JP Morgan alone spends “nearly $600 million a year on [cybersecurity] and [has] more than 3,000 employees deployed to this mission in some way.” And in 2018, Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC) conducted a survey that estimated that the average bank spent about $2,300 per employee on cybersecurity, or about 10% of its overall IT budget.
For the fourth year in a row, IBM assessed that the finance and insurance sector was the number one most attacked sector in 2019, with attacks on these institutions accounting for 17 percent of all attacks in the top 10 most attacked industries. And the Director of National Intelligence in his worldwide threat assessment in early 2019 noted the massive scale of North Korea’s cyber threat to financial institutions, including “attempts to steal more than $1.1 billion from financial institutions across the world,” one of which was the “successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh’s central bank.”
Importantly, however, IBM’s data on the targeting of the finance and insurance industry versus the number of data breaches suggests that while financial sector companies “tend to experience a higher volume of attacks relative to other industries” they are also “likely to have more effective tools and processes in place to detect and contain threats before they turn into major incidents.”
These companies have also taken significant steps to protect their assets in the event of a breach, including preparing and testing strong incident response plans, which appear to have been effective at mitigating damages from data breaches to the tune of approximately 10 percent.
Leading in collaboration
Banks are often leaders in the use of shared information to defend one another. The FS-ISAC is one of the most successful information sharing organizations across industry today. And the Financial Systemic Analysis & Resilience Center (FSARC), a newer organization established by some of the biggest financial sector players and focused on long-term resilience, has likewise made significant progress in protecting the financial industry writ large. Building upon these successful efforts in this critical sector to establish true Collective Defense will be a key route to long-term success.
For critical sectors like financial services, the notion of Collective Defense holds strong promise as a core building block of national level cybersecurity, as General (Ret) Keith Alexander has often discussed since launching IronNet in 2014. Collective Defense is at the heart of IronNet’s IronDome solution and is built around the idea of taking behavioral cyber threat intelligence and sharing it, in real-time, across multiple industry sectors, and with the government, to enable companies to work together and defend their enterprises in a collaborative way.
It is for this very reason that the head of security operations at a major U.S. hedge fund, an IronNet customer, said about IronNet’s ability to share real-time threat intelligence that he is “not aware of any other vendor that provides similar technology on the scale that IronNet does – within and across verticals.” Specifically, he noted that IronDome’s ability to “share across verticals shows promise where others have failed” and also “helps us with the known/unknown problem” because with IronNet, “I have a control in place that gives me assurance that we are not being targeted by adversaries based on threat intel, proactive hunting and attacks from other networks.”
IronNet’s people and products are recognized in the financial sector. For example, the head of global cyber threat analytics at a Fortune 200 global bank, also an IronNet customer, said that “IronNet gets high praise in my book for quality detections and an A+ for top notch program management.”
Likewise, drawn to IronNet’s behavioral analytics, National Bank Holdings (NBH) VP of Enterprise Technology Kevin Yeamans shares that sentiment; in fact, he believes that IronNet’s Collective Defense is the “next big thing in cyber.”
You can read the NBH case study, as well as see for yourself how Collective Defense can detect sophisticated cyber attacks in the financial services industry, even as they change tactics, and serve as an early warning system for you and all IronDome customers.
The journey to the cloud
As financial firms begin or accelerate the journey to the cloud, how do you ensure the security of customer data and user access to cloud-based applications and assets under management? After all, this responsibility falls on the enterprise, not the public cloud provider.
Your foremost security goal, therefore, is to prevent unauthorized data access and/or system manipulation as early as possible in the intrusion lifecycle through early detection. This is where signature-based detection falls short.
Network detection, whether practiced by an in-house Security Operations Center (SOC) or a Managed Security Service Provider (MSSP), can detect anomalies on the network early in the threat intrusion lifecycle. Specifically, behavioral analysis techniques can increase visibility into public cloud assets, data, and workloads, and detect threats that evade traditional cybersecurity tools. Learn more in the “Detecting cyber threats ahead of the curve: How network defense broadens visibility of cyber risk to the financial sector” eBook.