
How to Defend Against Financial Services Cyber Threats?


  • Third-Party Risk Management (TPRM) - A Third-Party Risk Management program will identify security vulnerabilities for all third-party cloud services to prevent supply chain attacks. 
Third-party risk management (TPRM), also called vendor risk management (VRM), is the practice of evaluating and then mitigating the risks introduced by vendors (suppliers, third parties, or business partners), both before establishing a business relationship and during the business partnership.


  • Multi-Factor Authentication - Implementing an MFA policy on all endpoints, including mobile devices, will make it very difficult for threat actors to compromise privileged credentials - a critical step preceding sensitive information theft for financial firms. 

  • Firewall - A regularly updated firewall is capable of detecting and blocking malware injection attempts.
There are many types of firewalls, often categorized by system protected, form factor, network placement, and data filtering method, including:
    • Network firewall
    • Host-based firewall
    • Hardware firewall
    • Software firewall
    • Internal firewall
    • Distributed firewall
    • Perimeter firewall
    • Next-generation firewall (NGFW)
    • Packet filtering firewall
    • Circuit level gateway
    • Web application firewall
    • Proxy firewall
    • Stateful inspection firewall.
  • Attack Surface Management - An attack surface management solution capable of detecting data leaks will significantly reduce the chances of a successful data breach, both internally and throughout the vendor network.
Attack surface management (ASM) is the continuous discovery, analysis, prioritization, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface.   

 

Unlike other cybersecurity disciplines, ASM is conducted entirely from a hacker’s perspective, rather than the perspective of the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.

ASM relies on many of the same methods and resources that hackers use. Many ASM tasks and technologies are devised and performed by ‘ethical hackers’ who are familiar with cybercriminals’ behaviors and skilled at duplicating their actions.

External attack surface management (EASM), a relatively new ASM technology, is sometimes used interchangeably with ASM. However, EASM focuses specifically on the vulnerabilities and risks presented by an organization’s external or internet-facing IT assets—sometimes referred to as an organization’s digital attack surface.

  • Learn TTP (Tactics, Techniques, & Procedures) - Threat actors often use similar attack strategies because similar vulnerabilities exist across the industry. Learning common suspicious activity patterns could help you intercept an attack attempt before any malicious code is injected.

Tactics, Techniques, and Procedures (TTP) is the method used by IT and military professionals to determine the behavior of a threat actor (hacker). These three elements help you understand your adversaries better. While each element is important by itself, studying all three together makes attacks easier to hunt down, identify, and neutralize. Knowing a hacker’s TTPs can help you identify attacks early, enabling you to neutralize them before significant damage is done. Read on for detailed descriptions of each component:

  • Tactics – Generic, beginning-to-end strategies hackers follow to accomplish their goals. This is the “what”: the goal of a cyberattack. Hackers often steal critical data to monetize via online dark web forums.
  • Techniques – Non-specific, common methods or tools that a criminal will use to compromise your information. This is “how” cyberattacks are conducted. An example would be phishing users via email attachments or malicious links. 
  • Procedures – Step-by-step orchestration of an attack. Procedures are often the best way to profile an attacker. Various hacking groups follow common procedures such as reconnaissance, then enumeration, then attack.
  • Security ratings - This feature supports real-time monitoring for emerging security risks created by digital transformation. When combined with an attack surface management tool, security ratings help uncover the best security measures for many common types of attacks, including malware attacks and customer data compromise.
Security ratings help organizations better understand the cyber threats they face by offering continuous visibility into internal security postures. Security ratings also aid in compliance efforts as they allow businesses to continually monitor their adherence to regulations that relate to their daily operations.

 

  • Regular data backups - Having a clean system backup on hand will help you restore business continuity during a ransomware attack.

