The Role of Endpoint Security in Financial Services

In some ways, enterprise security can resemble a true crime television series, where detectives seek out clues and meticulously piece them together to identify and catch the bad guy. This works as a metaphor for the traditional approach to endpoint security. Security professionals monitor endpoints looking for anomalies, the clues that will help them find and remediate threats.

Detecting malicious actors has never been more important for the financial services industry. The 2019 Verizon DBIR shows us that 71% of breaches were financially motivated, and it’s no secret that financial data is one of the most attractive targets for hackers.

Cyberattacks in the financial services sector grew by a staggering 80% between 2016 and 2017, resulting in a 57% rise in the cost of cyberattacks for these financial firms. Accenture estimates an average loss of $18 million per year at financial services institutions. Compliance costs and risks are also growing with the adoption of data protection regulations such as the European General Data Protection Regulation (GDPR).

However, while detecting a breach quickly, isolating the incident and taking the correct remedial action are still paramount, they are no longer sufficient.

Endpoint Security: Move to the Left of the Endpoint

The language of a breach may seem to be taken directly from an espionage thriller, with terms such as “threat vectors,” “kill chains,” “command-and-control” and “exfiltration” in common usage. However, this isn’t the plot of the newest summer blockbuster, but a reality for today’s enterprises, which face the damaging and long-term effects of undetected security breaches.

With almost 20% of consumers and organizations unaware that they have been breached, a cycle of ambivalence is repeated wherein personal information and digital identities remain unprotected and exposed to malicious hackers. This is a likely consequence of the challenges security teams face today, in which they are drowning in an overwhelming number of endpoints, whether they be PCs, laptops, servers, tablets or smartphones. Almost 45% of security teams are managing 5,000 to 500,000 separate endpoints, making it difficult to secure all of them properly.

In addition, the nature of threats continues to morph. Along with malware, enterprises have to deal with the likes of injection attacks, rootkits, DNS attacks and zero-day exploits. It has been a long time since a corporate firewall was enough to protect networks. Today, we need to rely on a wide range of capabilities including malware detection, user and endpoint behavior analysis, system memory analysis and sandboxing, where security professionals can safely run a suspicious app or file away from any corporate network.

To address the changing threat landscape, we need to change our thinking and capabilities for endpoint security. Previously, security teams have focused on what happens to the right of the endpoint: the effects of a breach within a corporate network. Today, we have to include what happens to the left: what the attacker is doing and how they’re doing it.

The Benefits of 360° Threat Detection

Security teams within the financial sector have to move beyond the detection and remediation of breaches that have already occurred and need to be able to address breaches as they happen. Adding active breach detection to the digital forensics and incident response (DFIR) capabilities within endpoint protection platforms will provide comprehensive end-to-end threat detection and resolution.

This will give teams the capability to instantly identify and report breach signals such as lateral movement through their systems, command-and-control, malware installation and data exfiltration. With this, they will be able to orchestrate and automate incident response with threat scoring, validation, tracking and quick remediation. Advanced detection solutions with a 360-degree approach will introduce active breach detection at scale.

Regardless of how many endpoints a security professional is managing, this approach will grant full visibility, and if a breach does occur, the forensic work can include every endpoint on the network.

Early Endpoint Detection Eases Your Compliance Risk

With an increasing number of customers worried about data privacy and sharing, new data protection regulations are also beginning to bite across the globe. Perhaps the highest-profile is the GDPR legislation in Europe that affects any company with customers in the European Union. EU regulators have promised to impose huge fines for companies that don’t properly protect the personal data they hold, and that’s exactly how things are turning out. For example, late last year, Tesco Bank in the UK was fined $21.7 million for failing to protect the details of current account holders. By implementing 360-degree threat detection, financial services companies can detect active breaches early and act proactively before the breach causes any damage or exposes personal data.

Rather than just alerting users once the attack has taken place, this approach will allow teams to block the process and learn from an attacker’s behavior to better prepare for future threats. That makes it possible to stop the problem before it reaches a level no one wants to get to: having to notify the authorities and your customers that an incident has occurred.

As the threats attacking financial services institutions become more complex and endlessly iterative, it’s important that endpoint security programs evolve to not only meet these threats but also to take advantage of the increased data and insights we now have at hand. This is even more important in sectors that are not only highly targeted but also need to protect thousands of endpoints. Ensuring teams are enabled to address active breaches as they happen is a key step in continuously improving the cybersecurity posture of businesses in key industries.

Monica Hovsepian


Monica Hovsepian is the Global Industry Strategist for Financial Services at OpenText. With more than two decades of financial industry experience, Monica has become a trusted subject matter expert in the Financial Services Industry, having worked with numerous large and international banks in North America, Europe and Asia.
