As cybersecurity attacks against financial institutions continue to increase, banks and other financial organizations must take proactive measures to protect themselves and their data. Here are three strategies they can use to protect themselves from potential intrusions.

A 2020 relationship conducted by the Federal Reserve Bank of New York (FRBNY), modeling the potential impact of a cyberattack on a single U.S. bank, predicted troubling results that continue to loom large in today’s rapidly evolving threat landscape. The model estimates that a one-day attack on one of the top 5 US banks would impact 38% of US financial institutions. Even worse, an attack perpetrated against a large bank and a group of medium and small banks would damage on average 60% of the banks in terms of assets.

Since the report was released, the financial services sector has become one of the the 5 sectors most affected by cyber attacks – and both banks and hackers have become more adept at using technology to achieve their goals. Today, 98% of financial institutions use some form of cloud computingup seven percentage points compared to 2020, and banks are invest heavily in artificial intelligence (AI). Meanwhile, hackers managed to create Phishing schemes created by artificial intelligence and effectively use edge devices to Distributed Denial of Service (DDoS) attacks..

How can banks win this cybersecurity arms race and ensure resilience in the face of possible attacks? This can only be achieved through collaboration, automation and standardized controls for more secure cloud deployments.

Collaborate: Make intelligence sharing a critical defensive weapon

Financial sector organizations believe this an attack on one is an attack on all. Therefore, many financial institutions around the world have committed to doing so share information about threats and vulnerabilities to protect the infrastructure of the entire financial system.

Their efforts have been supported by frameworks and guidelines created to improve information sharing on cybersecurity incidents in the financial sector. For example, the Financial Stability Board based in Switzerland Achieve greater convergence in cyber incident reporting contains 16 recommendations on collecting and sharing cybersecurity information between financial institutions. In the United States, the Securities & Exchange Commission IT security rules require registrants to disclose cybersecurity incidents and measures taken to mitigate such incidents.

Calls for greater transparency herald a new era of collaboration between banks. While cross-border intelligence sharing remains difficult to achieve in Asia, where Geopolitical dynamics often hinder the exchange of regional data, has become more common and easier to perform in insular environments such as the European Union (EU), the United States, and other countries. These areas are at the forefront of improved cybersecurity in the financial sector, and technology plays an important role in their efforts.

The Digital Operation Resilience Act (DORA) is a great example of a government mandate that places technology at the forefront of risk management. Although it was created specifically for the European financial sector, it is a good cybersecurity model for financial services organizations in all countries, including the United States.

DORA shouts “the existing high level of interconnectedness between financial entities, financial markets and financial market infrastructures” as areas of concern. Like the FRBNY report, it notes that localized cyber incidents could quickly spread throughout the European financial system.

According to the EU, one way to prevent this from happening is to contain the damage by “implementing automated mechanisms to isolate affected information assets”. Financial organizations must be able to quickly and automatically identify the source of an attack, isolate and remediate it, prevent it from spreading, and quickly recover from it.

Security managers can work with developers to create automation protocols designed to detect and prevent intrusions, create and maintain enterprise firewalls, and more. For example, open source projects like the Ansible Infrastructure-as-a-Service platform offer pre-built, easy-to-use playbooks that allow teams to quickly create automated security tasks. Once implemented, these activities can help financial organizations significantly reduce the time it takes to discover and contain potential intrusions and remain resilient after an attack.

Standardization: Unify cloud controls for better resiliency

Once again, the open source community, along with members of the financial community, are addressing this issue by building security controls in the cloud. In 2023, the Fintech Open Source Foundation (FINOS) announced a collaborative project standardize controls for public cloud deployments in the financial sector. The target, according to FINOS, is to “develop a unified set of cybersecurity, resiliency and compliance controls across leading cloud providers.” Many financial institutions, including Citi, Morgan Stanley, the Royal Bank of Canada and others, are involved in the project.

The FINOS project is just one example of the open source community’s efforts to provide all organizations, including financial institutions, with greater security and control over their cloud deployments. The efforts stem from the community’s ongoing commitment to transparency, intelligence sharing, collaboration, and using cutting-edge tools to mitigate risk.

It’s no coincidence that these are the same ideals embraced by the financial services industry as well. After all, they are the fundamental principles that will protect all organizations from growing cybersecurity risks, and they are the keys that will help financial institutions remain secure and resilient against current and future threats.

• 

  Dr. Harmon is Red Hat’s global head of financial services. He joined Red Hat in December 2020 and has more than 25 years of capital markets experience with specializations in risk management, advanced analytics, fixed income research and equity analytics. simulation. Prior to Red Hat, Dr. Harmon was a managing director of financial services at Cloudera for 5 years and held senior positions at Citibank, Bankers Trust, JP Morgan, BlackRock, Bank of America and Countrywide Capital Markets, First American CoreLogic and LYMPH.

Source