Financial services companies are among, if not the, highest-risk targets of external threat actors. Simultaneously, financial services networks often prove the largest in terms of devices and digital locations; maintaining secure monitoring and threat detection over the entire IT environment can prove daunting even to the most equipped IT security teams. Add to this problem the flood of COVID-19-related cyber-attacks, and you have a potential recipe for disaster if you neglect cybersecurity.
Therefore, financial services companies should look into extended detection and response (XDR) technology. To learn more we turn to David Valovcin, President of empow, who explains how financial services can rely on XDR.
How Financial Services Companies Can Prepare for COVID-19-Related Cyber-Attacks. Clue: It’s XDR.
By David Valovcin, President, empow
Financial services companies, always a ripe target for cyber attackers, have seen a scary surge in cyber-attacks over the past months. Throwing more money at the problem won’t necessarily solve it, but XDR is a new approach that can make a real difference.
If you’re a security professional in the financial sector, you’ve probably had some sleepless nights in the past few months, and not just over health worries. COVID-19 has exacerbated the already heavy targeting of financial institutions by cyber attackers.
Recent reports estimate the cost of a cyber-attack to a financial services company at $18.3M, with 70 percent of such companies having experienced a security incident in 2019 and 70 percent of bank supervisors citing cyber-attacks as their top concern.
Beyond the standard technology and budgeting difficulties, today there are more hurdles facing SOC managers:
- Recruitment and the “Skills Gap:” Security professionals are hard to come by, and even if there is a hiring budget, you won’t necessarily be able to get the right talent. In addition, cyber-attacks evolve quickly, and having staff that can keep up with the rapidly changing landscape requires a lot of effort and time. The “cybersecurity talent drought” is getting worse and worse, with research (according to Cybersecurity Ventures) forecasting that there will be a staggering 3.5 million unfilled cybersecurity jobs globally by 2021 – next year!
- Regulation and compliance: The skyrocketing number of ransomware attacks – a growing number successful – on financial institutions has brought new regulations and fines. Just a couple of weeks ago, on October 1st, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory against ransomware attacks. Citing the rising demand for ransomware payments during the COVID-19 pandemic, the advisory stipulates sanctions and fines of up to $20 million for companies agreeing to pay the ransomware. This is a double whammy. Financial institutions that are attacked are fined after-the-fact. The only way forward is a predictive way forward – prevention coupled with detection and immediate response.
Extended Detection and Response (XDR) is a relatively new approach in the security arena that extends protection beyond endpoints to provide detection and response across broader systems and networks. It is particularly relevant for financial services companies thanks to its:
Easy cloud integration
Financial services companies are considering moving their applications more and more to the cloud. However, security concerns keep many companies with sensitive activity or tools running on-prem environments. XDR enables integration across boundaries, providing services on the cloud (over AWS, Azure, etc.) and integration on cloud APIs. These built-in, seamless integrations make for easier onboarding and maintenance of tools, both in the cloud and on-prem. Hybrid computing is the way forward.
Even well-staffed SOC teams are having trouble dealing with the barrage of false alerts generated by SIEM, EDR, and other security tools. Moreover, the staffing challenges mean teams are often overworked, even if the budget exists for hiring, or that the skill set of some of the analysts is not suitable for operating more complex tools.
A good XDR tool will bring advanced automation capabilities, minimizing false alerts, and lowering the burden on the security team. A side benefit is that XDR can actually help improve SOC team morale, excitement, and skills advancement. Rather than having a frustrated team handling lots of noise and feeling like they are running in sand, XDR can highlight real threats and drive a sense of true accomplishment for the team. A happy team is a productive team.
Who should look to XDR and why?
Large financial services companies who already have a SIEM in place but face a barrage of thousands of false alerts to their analysts, often creating a situation where it is impossible to review them all, leading to security vulnerabilities. Larger organizations also have more data, so the cost of their SIEM is also very high, as most SIEM vendors sell per data volume. An effective XDR will automate data ingestion, lowering the number of alerts and the volume of data entering the SIEM in the form of accurate security alert metadata, making for a more effective and less expensive security platform.
Small and medium-sized companies who know they need a SIEM but worry that their small team will not have the capacity to maintain integrations with 3rd party tools and to manually write the large volume of correlation rules needed to maintain it (perhaps they already have a SIEM and see that they are paying, but not getting value out of it). An advanced XDR can provide a “fast path” to the most advanced automation technologies, providing better threat classification with a much lower number of alerts that is manageable for even a very small security team of one or two analysts.
The advantages of XDR in a nutshell:
- Fewer false alerts and less noise provides immediate visibility.
- Better protection from attacks through automation that identifies high-risk attacks, faster.
- Easy integration of hybrid cloud and on-prem environmental feeds.
- Easier onboarding of new data sources and integrations with 3rd party systems.
- Financial savings for larger teams that have a SIEM in place, or a more cost-effective alternative solution for a stand-alone SIEM.
- Scalability and risk reduction going forward.